Zero-day Vulnerability in Outlook

Zero-day Vulnerability in Outlook

   Microsoft Security Zero-day    March 15, 2023  |  0

Microsoft has patched a zero-day vulnerability in Outlook (CVE-2023-23397) actively exploited by various threat actor groups. The vulnerability (CVE-2023-23397) is a critical Outlook elevation of privilege flaw exploitable with no user interaction in low-complexity attacks. Threat actors can exploit this vulnerability by sending specially crafted messages with extended MAPI properties containing UNC paths to an SMB share (TCP 445) under their control. Microsoft has added that they detected the security vulnerability was being exploited in attacks to target around 15 government, military, energy, and transportation organizations between mid-April and December 2022.

 

Recent Comments
    Byte I.T. GaMeRz Discord

    © 2023 All Rights Reserved

    %d bloggers like this: