Microsoft shares guidance for investigating attacks exploiting CVE-2023-23397

26-Mar-23

The problem is a spoofing vulnerability in Microsoft Outlook that can result in an authentication bypass. If this vulnerability is exploited successfully, an attacker may acquire access to a user’s Net-NTLMv2 hash, which could be used as the foundation for an NTLM Relay attack against another service to authenticate as the user, reads the advisory that Microsoft released.

“The attacker might take advantage of this weakness by sending a specially written email that immediately activates when it is retrieved and handled by the Outlook client. Before the email is opened in the Preview Pane, this could result in exploitation. A link from the victim to an external UNC site under the attackers’ control could be made using specially crafted emails sent by external attackers.”
