On 14th March 2023, Microsoft released a security update guide for a critical severity vulnerability, CVE-2023-23397. This vulnerability targets Microsoft Outlook and allows NTLM credential theft, which could be used for privilege escalation attacks. An attacker can send an email to the victim with an extended MAPI (Microsoft Outlook Messaging API) property with a UNC (Universal Naming Convention, a string format that specifies the location of a resource) path to an attacker-controlled SMB (TCP 445) share. Once Outlook receives this message, it initiates an NTLM authentication with this SMB share server. There is no user interaction required to trigger this vulnerability.
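A defender reviewing mailbox items can look for the condition described above: a string property whose value is a UNC path to a host outside the organisation. The following is an added example, not Microsoft's tooling; the property names, the internal DNS suffix and the sample values are constructed, and treating single-label hosts as internal is an assumption.

```python
import ipaddress
import re

# Assumption for this example: DNS suffixes the organisation treats as internal.
INTERNAL_SUFFIXES = (".corp.example.com",)
# Address ranges treated as internal (RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
# Matches \\host\share... and the long form \\?\UNC\host\share...
_UNC_RE = re.compile(r'^\\\\(?:\?\\UNC\\)?([^\\/]+)[\\/]', re.IGNORECASE)

def unc_host(value):
    """Return the lower-cased host of a UNC path, or None if not a UNC path."""
    m = _UNC_RE.match(value.strip())
    if not m or m.group(1) in ("?", "."):   # \\?\C:\... is a local device path
        return None
    return m.group(1).lower()

def is_internal(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        if "." not in host:
            return True   # assumption: single-label names only resolve on the LAN
        return host.endswith(INTERNAL_SUFFIXES)
    return any(ip in net for net in INTERNAL_NETS)

def flag_properties(props):
    """Return (property name, host) for each value that points off-network."""
    hits = []
    for name, value in props.items():
        host = unc_host(value)
        if host is not None and not is_internal(host):
            hits.append((name, host))
    return hits

# Constructed sample: property names and values are illustrative only.
SAMPLE_PROPS = {
    "sound_local": r"C:\Windows\Media\chimes.wav",
    "sound_fileserver": r"\\fs01.corp.example.com\media\chimes.wav",
    "sound_lan_ip": r"\\10.20.30.40\media\chimes.wav",
    "sound_external_name": r"\\files.attacker.example\share\a.wav",
    "sound_external_ip": r"\\?\UNC\203.0.113.7\share\a.wav",
}

if __name__ == "__main__":
    for name, host in flag_properties(SAMPLE_PROPS):
        print(f"review: {name} -> {host}")
```

Any hit is a reason to inspect the item and to confirm that outbound TCP 445 is blocked at the perimeter.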