Microsoft’s March 2023 Patch Tuesday includes a fix for a privilege elevation vulnerability that has been seen actively exploited and affects all supported versions of Microsoft Outlook for Windows.

The vulnerability, tracked as CVE-2023-23397, exists within the Outlook email security service Exchange Online Protection (EOP), which filters spam and identifies malware within emails. Threat actors can exploit the vulnerability by sending a specially crafted email that causes the victim's client to send back the user's hashed password (a one-way digest of the credential rather than the plaintext). With the hash, the attacker can authenticate as that user and access other systems. Notably, Microsoft has stated that other online services, such as Microsoft 365, cannot be accessed with the form of authentication that is compromised in this attack.

Microsoft has also stated that they are aware of limited, targeted attacks using this vulnerability originating from a Russian-based threat actor. These attacks have seen some European governments, transportation, energy, and military sectors compromised.

This vulnerability can be fixed by applying the March 2023 Patch Tuesday updates to your systems, specifically the Outlook security update. Microsoft has warned that customers should apply these updates regardless of where their mail server is hosted (such as with Exchange Online, Exchange Server, or other platforms).

Microsoft has also published a script that lets Exchange administrators check whether any of their users have been targeted by potentially malicious messages that attempt to exploit CVE-2023-23397; further technical details are available on the Microsoft Exchange Server Security Updates blog.
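In outline, the check that script performs is to inspect each mailbox item's reminder file path property (PidLidReminderFileParameter) and flag values that point at a UNC path on a host outside the organisation, because a message carrying such a path is what causes the client to send out the credential hash described above. The following Python is an added example written for this post, not Microsoft's script and not code from the original page; it runs that triage logic over a small constructed set of message records (the export format, message ids, senders and hosts are all invented) and returns the items an administrator should review.

```python
import re

# Constructed sample records, modelled on what a defender might export from each
# mailbox item: the item id, the sender, and the reminder file path property.
# This export format is hypothetical and is not the output of Microsoft's script.
SAMPLE_ITEMS = [
    {"id": "msg-001", "sender": "colleague@example.org", "reminder_file": None},
    {"id": "msg-002", "sender": "billing@example.org",
     "reminder_file": r"\\fileserver.example.org\sounds\chime.wav"},
    {"id": "msg-003", "sender": "invoice@external-mail.test",
     "reminder_file": r"\\203.0.113.5\share\sound.wav"},
    {"id": "msg-004", "sender": "news@external-mail.test",
     "reminder_file": "C:\\Windows\\Media\\notify.wav"},
    {"id": "msg-005", "sender": "partner@external-mail.test",
     "reminder_file": r"\\files.external-mail.test@80\x\y.wav"},
]

# Hosts under these DNS suffixes are the organisation's own file servers (constructed).
TRUSTED_HOST_SUFFIXES = ("example.org",)

# Matches the start of a UNC path (\\host\... or \\host@port\...) and captures the host.
UNC_RE = re.compile(r"^\\\\([^\\@]+)(?:@\d+)?\\")


def unc_host(path):
    """Return the host named in a UNC path, or None if the path is not UNC."""
    if not path:
        return None
    # Normalise forward slashes so //host/share is treated like \\host\share.
    normalised = path.replace("/", "\\")
    match = UNC_RE.match(normalised)
    return match.group(1).lower() if match else None


def is_trusted_host(host, trusted_suffixes=TRUSTED_HOST_SUFFIXES):
    """A host is trusted only if it is, or is under, one of the trusted suffixes.
    IP literals never match a DNS suffix, so they are untrusted by construction."""
    return any(host == s or host.endswith("." + s) for s in trusted_suffixes)


def triage(items, trusted_suffixes=TRUSTED_HOST_SUFFIXES):
    """Return the items whose reminder file path points at an external UNC host."""
    findings = []
    for item in items:
        host = unc_host(item.get("reminder_file"))
        if host is None or is_trusted_host(host, trusted_suffixes):
            continue
        findings.append({
            "id": item["id"],
            "sender": item["sender"],
            "host": host,
            "path": item["reminder_file"],
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_ITEMS):
        print(f"REVIEW {finding['id']} from {finding['sender']}: "
              f"reminder path on external host {finding['host']}")
```

Only the two records whose reminder path names a host outside the trusted suffixes are reported; a local file path and an internal file server are left alone, and the `host@port` UNC form is resolved to its host so it is not missed. Alongside applying the patch, Microsoft's published mitigations are to block outbound TCP 445 from the network perimeter and to add high-value accounts to the Protected Users security group, which prevents NTLM authentication for those accounts.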