Microsoft has warned of a critical vulnerability in its flagship Microsoft Outlook software, which is being exploited in the wild by a "Russian-based threat actor". The Microsoft Security Response Center (MSRC) has published mitigation guidance and a CVE-2023-23397 script to help with audit and cleanup.
"We strongly recommend all customers update Microsoft Outlook for Windows to remain secure," said Microsoft. The vulnerability, CVE-2023-23397, is a privilege escalation issue triggered when an attacker sends a message carrying an extended MAPI property that contains a UNC path to an SMB (TCP 445) share on a threat actor-controlled server.
"No user interaction is required," Microsoft warned. "Because this flaw could lead to exploitation BEFORE the email is viewed in the Preview Pane, enterprise security teams are urged to prioritize the deployment of this update," the company added.
Microsoft also flagged a second vulnerability, CVE-2023-24880, for urgent attention and warned that attackers are continuing to actively bypass its SmartScreen security feature.
On the CVE-2023-23397 audit script, Microsoft noted: "Organizations should review the output of this script to determine risk. Tasks, email messages and calendar items that are detected and point to an unrecognized share should be reviewed to determine if they are malicious. If objects are detected, they should be removed or clear the parameter."
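One way to sort detected items by whether their UNC path points to a recognized share, as an added example that is not Microsoft's script or code from the original page. The allow-list, internal ranges and sample rows are constructed assumptions, and the row layout is not the audit script's real output format.

```python
import ipaddress

# Assumptions (hypothetical): recognized file servers and internal address ranges.
RECOGNIZED_HOSTS = {"fs01"}
RECOGNIZED_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def unc_host(value):
    """Return the lowercased server part of a UNC path, or None if value is not UNC."""
    path = value.strip().replace("/", "\\")   # forward slashes are treated as backslashes
    if not path.startswith("\\\\"):
        return None
    host = path[2:].split("\\", 1)[0].rstrip(".").lower()  # drop a trailing FQDN dot
    return host or None

def classify(value):
    """Label one detected path value for review."""
    host = unc_host(value)
    if host is None:
        return "not-unc"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is never matched against the name allow-list.
        internal = any(ip in net for net in INTERNAL_NETS)
        return "unrecognized-internal-ip" if internal else "unrecognized-external-ip"
    # The suffix starts with a dot, so "evilcorp.example" does not match.
    if host in RECOGNIZED_HOSTS or host.endswith(RECOGNIZED_SUFFIXES):
        return "recognized"
    return "unrecognized-host"

def triage(rows):
    """Return (item_type, path, label) for every row that needs human review."""
    labelled = ((kind, path, classify(path)) for kind, path in rows)
    return [row for row in labelled if row[2].startswith("unrecognized")]

# Constructed sample rows: (item type, path value found on the item).
SAMPLE = [
    ("Calendar", r"\\FS01.corp.example\share\item"),
    ("Email", r"\\203.0.113.7\share\item"),
    ("Task", r"\\fs01.evilcorp.example\share\item"),
    ("Email", r"\\10.1.2.3\share\item"),
    ("Calendar", r"C:\local\item"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```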