CVE-2023-23397 - Microsoft Office Outlook Privilege Escalation Vulnerability
CVE-2023-23397
Microsoft | Office
- Date Added:
- 2023-03-14
- Due Date:
- 2023-04-04
- Vulnerability Name
Microsoft Office Outlook Privilege Escalation Vulnerability
- Description
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.
- Known To Be Used in Ransomware Campaigns?
Unknown
- Action
Apply updates per vendor instructions.
- Additional Notes
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/, ; https://nvd.nist.gov/vuln/detail/CVE-2023-23397
Free online web security scanner