Microsoft Warns of Outlook Zero-Day Exploitation, Offers Detection Script

March 15, 2023

Microsoft has warned of a critical vulnerability in its flagship Microsoft Outlook software, which is being exploited in the wild by a "Russian-based threat actor." The Microsoft Security Response Center (MSRC) has published mitigation guidance and a CVE-2023-23397 script to help with audit and cleanup.

"We strongly recommend all customers update Microsoft Outlook for Windows to remain secure," said Microsoft. The vulnerability, CVE-2023-23397, is a privilege escalation issue triggered when an attacker sends a message carrying an extended MAPI property that contains a UNC path to an SMB (TCP 445) share on a threat actor-controlled server.

"No user interaction is required," Microsoft warned. "Because this flaw could lead to exploitation BEFORE the email is viewed in the Preview Pane, enterprise security teams are urged to prioritize the deployment of this update," the company added.

Microsoft also flagged a second vulnerability, CVE-2023-24880, for urgent attention and warned that attackers are continuing to actively bypass its SmartScreen security feature.

On the CVE-2023-23397 audit script, Microsoft noted: "Organizations should review the output of this script to determine risk. Tasks, email messages and calendar items that are detected and point to an unrecognized share should be reviewed to determine if they are malicious. If objects are detected, they should be removed or clear the parameter."
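As an added example (not Microsoft's script and not part of the original article), the sketch below triages exported findings by extracting the server name from each UNC path and flagging items that point outside a recognized set of file servers. The CSV column names, the sample rows and the `corp.example` hosts are constructed assumptions; the real script's output format is not shown on this page.

```python
import csv
import io
import ipaddress

# Assumption: servers and DNS suffixes your organization recognizes as its own.
RECOGNIZED_HOSTS = {"fs01"}
RECOGNIZED_SUFFIXES = (".corp.example",)

# Constructed sample rows; column names are hypothetical, not the MSRC script's format.
SAMPLE_CSV = r"""mailbox,item_type,subject,reminder_path
alice@corp.example,Appointment,Quarterly review,\\fs01.corp.example\sounds\chime.wav
bob@corp.example,Task,Follow up,\\203.0.113.10\share\a.wav
carol@corp.example,Message,Reminder,\\FS01\sounds\ding.wav
dave@corp.example,Appointment,Sync,\\files.example.net\x\y.wav
erin@corp.example,Task,Local sound,C:\Windows\Media\chord.wav
"""

def unc_host(path):
    """Return the lower-cased server part of a UNC path, or None if not UNC."""
    p = path.strip().replace("/", "\\")   # //host/share is also treated as UNC
    if not p.startswith("\\\\"):
        return None
    host = p[2:].split("\\", 1)[0].rstrip(".").lower()
    return host or None

def classify(path):
    """Label one path value for the reviewer."""
    host = unc_host(path)
    if host is None:
        return "not-unc"
    try:
        ipaddress.ip_address(host)
        return "review: IP literal"       # a raw address is never "recognized"
    except ValueError:
        pass
    if host in RECOGNIZED_HOSTS or host.endswith(RECOGNIZED_SUFFIXES):
        return "recognized"
    return "review: unrecognized host"

def triage(csv_text):
    """Return (mailbox, item_type, path, verdict) for every exported row."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["mailbox"], r["item_type"], r["reminder_path"],
             classify(r["reminder_path"])) for r in rows]

if __name__ == "__main__":
    for mailbox, item_type, path, verdict in triage(SAMPLE_CSV):
        print(f"{verdict:28} {mailbox:22} {item_type:12} {path}")
```

Anything labelled `review:` still needs a human decision on whether to remove the item or clear the parameter, as Microsoft's guidance describes.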
