Protect Your Systems from CVE-2023-23397: A Critical Vulnerability in Outlook
Earlier this week, our TSI Managed Services team addressed a critical vulnerability (CVE-2023-23397) impacting Outlook for our clients. Learn more about the vulnerability and how to protect your systems below.
What is CVE-2023-23397 – the CVE impacting Outlook?
Microsoft disclosed a critical vulnerability to Outlook called CVE-2023-23397 on March 14 as part of the March Patch Tuesday fixes.
This vulnerability is considered a significant threat, with a rating of 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS) scale. It is also classified as a zero-day exploit, a previously unknown vulnerability that a hacker can exploit without user interaction.
The vulnerability is an elevation of privilege (EoP) issue, which means that a hacker could use it to gain higher access privileges than they should have on a system. This vulnerability is especially dangerous because it allows attackers to control a system or access sensitive information without detection. The vulnerability affects all Windows Outlook versions, making it a widespread issue.
How do Hackers exploit this vulnerability?
An attacker can send a message to a victim with a link to a dangerous website. The exploit will still run even if the victim doesn’t open or see the message. The attacker can then send a fake calendar reminder (.msg – the message format that supports reminders in Outlook) to the victim to trigger the hacked PlayReminderSound (the custom alert sound option for Outlook reminders). When the victim tries to turn off the sound reminder, they unknowingly connect to the attacker’s server, which gives the attacker access to the victim’s computer, and makes it easy for them to get into other systems that use the same security method.
When the victim connects to the attacker’s SMB server, the connection to the remote server sends the user’s New Technology LAN Manager (NTLM) negotiation message automatically, which the attacker can use for authentication against other systems that support NTLM authentication.
As your IT support and cybersecurity partner, we proactively patch Microsoft OS & Office vulnerabilities on your behalf to safeguard your systems against these types of cyber threats.
What you need to do
Microsoft has released a patch to fix the problem. Still, users must ensure their systems are up-to-date with the latest security patches to stay protected from this and other potential vulnerabilities.
Updates and patching from TSI are only effective if we have your support and commitment to vigilantly remind your users of the importance of keeping their machines online during your pre-scheduled system update and patching maintenance window.
Without your help, there will be an unnecessary security risk to your organization.
Please remind your team to be aware of the cybersecurity implications of failing to update their machines- especially when these critical vulnerabilities present an imminent risk to your organization.
Contact us if you have any questions.
As always, we’re here to function as your IT and cybersecurity partner. Please don’t hesitate to contact your Account Manager with questions, concerns, or assistance. Again, thank you in advance for reading our notification, and we look forward to following up with any actionable updates or identifiable next steps.