Cisco Vulnerability: A Potential Gateway for Hackers
A recently disclosed flaw in Cisco’s Integrated Management Controller (IMC) has raised concerns amongst businesses and individuals. Experts warn that this high-severity vulnerability could allow…
Microsoft Patch Tuesday fixes actively exploited critical vulnerability.
Microsoft’s March 2023 Patch Tuesday includes a fix for a privilege elevation vulnerability that has been seen actively exploited and affects all supported versions of Microsoft Outlook for Windows.
The vulnerability, tracked as CVE-2023-23397, exists within the Outlook email security service Exchange Online Protection (EOP), which filters spam and identifies malware within emails. Threat actors can exploit the vulnerability by sending a specially crafted email that returns the user’s hashed (a form of encryption) password. With the hash, the attacker can authenticate themselves and access other systems. Notably, Microsoft has stated that other online services, such as Microsoft 365, cannot be accessed with the form of authentication that is compromised in this attack.
Microsoft has also stated that they are aware of limited, targeted attacks using this vulnerability originating from a Russian-based threat actor. These attacks have seen some European governments, transportation, energy, and military sectors compromised.
This vulnerability can be fixed by applying the March 2023 Patch Tuesday updates to your systems, specifically the Outlook security update. Microsoft has warned that customers should apply these updates regardless of where their mail server is hosted (such as with Exchange Online, Exchange Server, or other platforms).
Developers have also created a script that can allow server administrators to see if any of their users have been targeted by this vulnerability and will say if any users have been targeted by potentially malicious messages that look to exploit CVE-2023-23397— further technical details on the Microsoft Exchange Server Security Updates blog.
Related Links:
https://www.theregister.com/2023/03/14/microsoft_patch_tuesday/?td=rt-3a – Published March 14th
Related articles
Inside the LabHost Takedown: How Police Busted a Global Phishing Empire
The familiar scenario plays out countless times each day: you receive a panicked text message. Your bank account has been compromised, or a package awaits…
PuTTY SSH Flaw: What You Need to Know
A recently disclosed vulnerability in the popular SSH client PuTTY (versions 0.68 to 0.80) could allow attackers to recover private encryption keys, potentially enabling them…