The Latest ‘Critical’ Microsoft Outlook Vulnerability: 5 Things To Know

Patch now

Newly discovered software vulnerabilities may be commonplace, but some are more of a problem than others. And by all appearances, the zero-day vulnerability in Outlook that Microsoft disclosed earlier this week is a problematic one.

[Related:
The Latest Zero-Day Vulnerabilities From Apple, Microsoft]

Security researchers say that patching the Privilege Elevation vulnerability in Outlook should be prioritized as the vulnerability is considered easy to exploit and is in fact actively exploited. “We strongly encourage all customers to update Microsoft Outlook for Windows to stay secure,” Microsoft said in a Tuesday post.

However, there is evidence that even with the patch provided, the Critical severity vulnerability can still be exploited under certain conditions. Microsoft acknowledged the possibility in a statement to CRN on Friday, but noted that the technique described by several security researchers “requires that an attacker has already gained access to internal networks.”

The Outlook vulnerability was disclosed by Microsoft on Tuesday and is tracked under CVE-2023-23397. The company reiterated its call for organizations to fix the vulnerability in its Friday statement.

Below are five things you need to know about the latest critical vulnerability in Microsoft Outlook.

Why it’s a big concern

The Privilege Elevation vulnerability in Outlook has led to calls for an immediate patch due to its unique qualities. Namely, “Unlike other exploits we’ve seen in the past, this exploit is particularly dangerous because no user interaction is required to trigger the exploit,” wrote John Hammond, senior security researcher at Huntress, in a blog post on Friday. “Once an infected email arrives in a Microsoft Outlook inbox, sensitive credential hashes can be retrieved.”

After the attacker sends the malicious email, they can collect so-called Net-NTLMv2 hashes, a type of credential that can allow the attacker to authenticate in Windows environments, Hammond said. “This allows threat actors to potentially authenticate themselves as victims, escalate privileges, or further compromise the environment.”