Exploitation of this vulnerability can take place before the email is viewed in the Preview Pane. This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim.Īnother piece of useful information is that the Outlook Preview Pane is not an attack vector. Microsoft mentions the following about the exploitation process:Įxternal attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers' control. Do keep in mind that, unfortunately, Lansweeper cannot report on the KB updates that address this vulnerability. CVE-2023-23397 has already been exploited, so it is important to update as soon as possible. The most pressing vulnerability this month is one in Microsoft Outlook. ⚡ TL DR | Go Straight to the March 2023 Patch Tuesday Audit Report Microsoft Outlook Elevation of Privilege Vulnerability We've listed the most important changes below. The March 2023 edition of Patch Tuesday brings us 80 fixes, with 9 rated as critical. The audit report gives you a quick and clear overview of your Windows machines and their patching status. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress.
0 kommentar(er)
