Protect Your Systems from CVE-2023-23397: A Critical Vulnerability in Outlook
Earlier this week, our TSI Managed Services team addressed a critical vulnerability (CVE-2023-23397) impacting Outlook for our clients. Learn more about the vulnerability and how to protect your systems below.
What is CVE-2023-23397 – the CVE impacting Outlook?
Microsoft disclosed a critical vulnerability to Outlook called CVE-2023-23397 on March 14 as part of the March Patch Tuesday fixes.
This vulnerability is considered a significant threat, with a rating of 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS) scale. It is also classified as a zero-day exploit, a previously unknown vulnerability that a hacker can exploit without user interaction.
The vulnerability is an elevation of privilege (EoP) issue, which means that a hacker could use it to gain higher access privileges than they should have on a system. This vulnerability is especially dangerous because it allows attackers to control a system or access sensitive information without detection. The vulnerability affects all Windows Outlook versions, making it a widespread issue.
How do Hackers exploit this vulnerability?
An attacker can send a message to a victim with a link to a dangerous website. The exploit will still run even if the victim doesn’t open or see the message. The attacker can then send a fake calendar reminder (.msg – the message format that supports reminders in Outlook) to the victim to trigger the hacked PlayReminderSound (the custom alert sound option for Outlook reminders). When the victim tries to turn off the sound reminder, they unknowingly connect to the attacker’s server, which gives the attacker access to the victim’s computer, and makes it easy for them to get into other systems that use the same security method.
When the victim connects to the attacker’s SMB server, the connection to the remote server sends the user’s New Technology LAN Manager (NTLM) negotiation message automatically, which the attacker can use for authentication against other systems that support NTLM authentication.
As your IT support and cybersecurity partner, we proactively patch Microsoft OS & Office vulnerabilities on your behalf to safeguard your systems against these types of cyber threats.
What you need to do
Microsoft has released a patch to fix the problem. Still, users must ensure their systems are up-to-date with the latest security patches to stay protected from this and other potential vulnerabilities.
Updates and patching from TSI are only effective if we have your support and commitment to vigilantly remind your users of the importance of keeping their machines online during your pre-scheduled system update and patching maintenance window.
Without your help, there will be an unnecessary security risk to your organization.
Please remind your team to be aware of the cybersecurity implications of failing to update their machines- especially when these critical vulnerabilities present an imminent risk to your organization.
Contact us if you have any questions.
As always, we’re here to function as your IT and cybersecurity partner. Please don’t hesitate to contact your Account Manager with questions, concerns, or assistance. Again, thank you in advance for reading our notification, and we look forward to following up with any actionable updates or identifiable next steps.
Cybersecurity and Compliance Manager
Chris Riani joined TSI in 2021, and currently serves as our Cybersecurity and Compliance Manager. Chris has over a decade of experience in IT, with most of his time spent managing and protecting critical IT environments within the DoD and the private sector. A ten-year Air Force Veteran, his background includes Application Administration, Networking, and Systems Design, as well as Virtualization and Cloud Security.
Chris is a graduate of Champlain College in Vermont, where he studied a wide variety of technology and security focused topics. He holds numerous IT and security certifications, such as CompTIA’s CASP+ and is also a CISSP. It comes as no surprise that Chris’s true passion is bridging the gap between operational IT requirements and information security.
Outside of work, Chris enjoys coaching soccer, spending time with his family, and playing the guitar.