Windows Users Need to Update Outlook Immediately – Review Geek


Update now to patch a critical vulnerability.

Hannah Stryker/Review Geek

Hackers are actively exploiting a critical escalation of privilege (EoP) vulnerability in Outlook, according to Microsoft. If you’re using Outlook on Windows, you should update your email client today. Large organizations should refer to Microsoft’s guidance to quickly mitigate this threat.

This zero-day vulnerability (CVE-2023-23397) has a rating of 9.8 out of 10 on the CVSS scale, which means it is dangerous and easy to exploit. Details are a bit sparse, but Microsoft explains that a specially crafted email automatically triggers the exploit when Outlook receives it, without any interaction from the victim.

The exploit allows a hacker to access the victim’s Net-NTLMv2 hash. From there, the hacker can gain access to the victim’s network for further attacks or observation. A “Russian-based threat actor” has already used this exploit to target “organizations in the government, transportation, energy, and military sectors in Europe.” (Notably, the vulnerability was first recognized and reported by the Ukrainian CERT security response team.)

A patch for this vulnerability is available in the latest Outlook update. I suggest you manually update Outlook immediately on all Windows PCs in your home. To update Outlook, simply press the “File” tab, select “Microsoft Account” from the pop-up menu, click “Update Options” and select “Update Now”.

Large organizations may find it difficult to update all instances of Outlook. For this reason, Microsoft lists several mitigation methods in its CVE listing. Microsoft also offers a PowerShell script that allows organizations to check whether they have been targeted through this vulnerability.

Source: Microsoft via Forbes, Bleeping Computer
