Zero-day Vulnerability in Outlook
Microsoft has patched a zero-day vulnerability in Outlook (CVE-2023-23397) actively exploited by various threat actor groups. The vulnerability (CVE-2023-23397) is a critical Outlook elevation of privilege flaw exploitable with no user interaction in low-complexity attacks. Threat actors can exploit this vulnerability by sending specially crafted messages with extended MAPI properties containing UNC paths to an SMB share (TCP 445) under their control. Microsoft has added that they detected the security vulnerability was being exploited in attacks to target around 15 government, military, energy, and transportation organizations between mid-April and December 2022.
You must log in to post a comment.