Actively Exploited Microsoft Outlook Vulnerability Imperils Microsoft 365 Apps


The Microsoft Outlook vulnerability, identified at or near the beginning of March, was found to affect a number of products in the Microsoft 365 Apps Enterprise stack, including MS Office 2019, 2016, 2013, and LTSC. Subsequent research showed that the issue appears to be limited to Windows Server 2022 and Windows 11, excluding legacy or earlier editions.

The good news stops there, however, because the vulnerability itself requires no user interaction. According to the Microsoft advisory, with CVE-2023-23397, also known as the Pass-the-Hash attack, the victim’s credentials are sent to the attacker immediately once the forged email appears in the inbox.

