CyberSecurityBoard
Sponsor Register Login

Akamai discloses zero-click exploit for Microsoft Outlook

While examining a previous bypass mitigation, Akamai Technologies discovered two new Windows vulnerabilities that could allow an attacker to create a zero-click exploit against Microsoft Outlook clients.
In a two-part report published Monday, Akamai researcher Ben Barnea detailed the discovery of two new Windows vulnerabilities, tracked as CVE-2023-35384 and CVE-2023-36710, that were reported to and addressed by Microsoft.
By chaining the two flaws, he was able to construct a remote code execution exploit for Outlook that required no user interaction.
Barnea's research was inspired by his previous work on an Outlook mitigation bypass for CVE-2023-23397, a vulnerability that was disclosed and patched in March, but continues to be exploited by a Russian nation-state group.
The new vulnerability, tracked as CVE-2023-29324, was disclosed in May, but Akamai and Microsoft disagreed over the severity.
Microsoft fixed the mitigation bypass in May, but Akamai recommended an additional mitigation step to increase security that went unheeded.
During the investigation into audio files, Barnea discovered two new Windows vulnerabilities that could be chained to conduct a remote attack on Outlook.
CVE-2023-35384 is a security feature bypass vulnerability in the MapUrlToZone function that received a CVSS score of 6.5.
Barnea said exploitation requires an attacker to send an email to an Outlook client, which will then download a special file from the attacker's server.
MapUrlToZone was the security measure Microsoft implemented to fix CVE-2023-23397, which Barnea proved he could bypass with CVE-2023-29324.
The second vulnerability in the new exploit chain, CVE-2023-36710, is a Windows RCE flaw with a 7.8 CVSS score that Akamai discovered in the Audio Compression Manager.
The researchers' goal was to determine whether Outlook could be manipulated into downloading a sound file from a remote location despite Microsoft's previous fixes.
Barnea bypassed mitigations in three attempts and was able to trick Outlook into incorrectly recognizing the functions as coming from a local path.
It was during the third attempt when Barnea discovered the second vulnerability in the chain that allowed for RCE, tracked as CVE-2023-36710.
While there are no reports of exploitation, Akamai warned that the threat vector is attractive to attackers.
Microsoft Exchange and Outlook have come under attack multiple times in recent years, and the software giant has been criticized for its vulnerability patching practices.
Security researchers say inadequate patches have failed to fully address root causes of vulnerabilities, leading to mitigation bypasses and new variant flaws.
TechTarget Editorial contacted Microsoft for comment on the chained exploit.
Barnea told TechTarget Editorial that while the vulnerabilities have been patched, the custom sound notification feature poses risk to Outlook users.
Akamai advised following Microsoft's detection and mitigation guidance for the original Outlook vulnerability, CVE-2023-23397.


This Cyber News was published on www.techtarget.com. Publication date: Mon, 18 Dec 2023 15:13:18 +0000


Cyber News related to Akamai discloses zero-click exploit for Microsoft Outlook

Akamai discloses zero-click exploit for Microsoft Outlook - While examining a previous bypass mitigation, Akamai Technologies discovered two new Windows vulnerabilities that could allow an attacker to create a zero-click exploit against Microsoft Outlook clients. In a two-part report published Monday, Akamai ...
6 months ago Techtarget.com
Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File - Researchers this week disclosed details on two security vulnerabilities in Microsoft Outlook that, when chained together, give attackers a way to execute arbitrary code on affected systems without any user interaction. Unusually, both of them can be ...
6 months ago Darkreading.com
Outlook Plays Attacker Tunes: Vulnerability Chain Leading to Zero-Click RCE - Security researchers at Akamai are sharing details on multiple bypasses for patches Microsoft released for an Outlook zero-click remote code execution vulnerability earlier this year. The original issue, tracked as CVE-2023-23397, was patched by ...
6 months ago Securityweek.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
6 months ago Esecurityplanet.com
Microsoft fixes Outlook Desktop crashes when sending emails - Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. These problems were first reported on Microsoft's community website and other social networks by customers saying they were ...
6 months ago Bleepingcomputer.com
Microsoft: Outlook clients not syncing over Exchange ActiveSync - Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update. Exchange ActiveSync is an Exchange synchronization protocol using HTTP and XML to let users ...
4 months ago Bleepingcomputer.com
Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug - An espionage group linked to the Russian military continues to use a zero-click vulnerability in Microsoft Outlook in attempts to compromise systems and gather intelligence from government agencies in NATO countries, as well as the United Arab ...
6 months ago Darkreading.com
Attacks abuse Microsoft DHCP to spoof DNS records The Register - A series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers. We're told the attacks - which are ...
6 months ago Go.theregister.com
Microsoft fixes connection issue affecting Outlook email apps - Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts. More details on how to use app passwords with apps without two-step verification support can be found in this support ...
4 months ago Bleepingcomputer.com
Microsoft Outlook December updates trigger ICS security alerts - Microsoft is investigating an issue that triggers Outlook security alerts when trying to open. ICS calendar files after installing December 2023 Patch Tuesday Office security updates. The company also revealed that the security warning will be ...
4 months ago Bleepingcomputer.com
Russian hackers exploiting Outlook bug to hijack Exchange accounts - Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The targeted ...
6 months ago Bleepingcomputer.com
CVE-2019-1205 - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security ...
3 weeks ago
CVE-2019-1201 - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security ...
3 weeks ago
Fancy Bear hackers still exploiting Microsoft Exchange flaw - A Russian nation-state group continues to exploit a critical Microsoft vulnerability that was patched eight months ago to gain access to emails within victim organizations' Exchange servers. In March, Microsoft disclosed a zero-day elevation of ...
6 months ago Techtarget.com
Microsoft Might Be Sharing Your Outlook Emails Without Your Knowledge - Microsoft's data collection practices are under scrutiny, as a recent report suggests the Outlook for Windows app might be sharing more user information than expected. With this app now default on Windows 11, the impact could be widespread. ...
5 months ago Cysecurity.news
Microsoft: Outlook email sending issues for users with lots of folders - Microsoft has acknowledged a new issue affecting Outlook for Microsoft 365 users and causing email-sending problems for those with too many nested folders. According to Redmond, this is likely related to an older issue concerning mailboxes with more ...
6 months ago Bleepingcomputer.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
3 weeks ago Securityaffairs.com
Flipper Zero: How to install third-party firmware - I've been having a lot of fun with my Flipper Zero - the all-purpose, pocket-sized hacking and penetration testing tool that looks like a kid's toy. If you're not sure what a Flipper Zero is or what it can do, I suggest reading my Flipper Zero primer ...
1 year ago Zdnet.com
Zero Trust Security Framework: Implementing Trust in Business - The Zero Trust security framework is an effective approach to enhancing security by challenging traditional notions of trust. Zero Trust Security represents a significant shift in the cybersecurity approach, challenging the conventional concept of ...
4 months ago Securityzap.com
Zero-Trust Architecture in Modern Cybersecurity - Clearly, organizations need more robust cybersecurity protections in place, which is leading many to adopt a zero-trust architecture approach. Zero-trust flips conventional security on its head by shifting from an implicit trust model to one where ...
3 months ago Feeds.dzone.com
Attackers Exploit Outlook Clients - Microsoft recently reported that CVE-2023-23397, a critical Outlook vulnerability, is currently being exploited in the wild by a Russian-state-sponsored threat actor known as Forrest Blizzard. This vulnerability allowed threat actors to exploit an ...
6 months ago Cybersecuritynews.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
6 months ago Microsoft.com
New botnet malware exploits two zero-days to infect NVRs and routers - A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution vulnerabilities to infect routers and video recorder devices. The malware hijacks the devices to make them part of its DDoS swarm, ...
6 months ago Bleepingcomputer.com
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
4 months ago Darkreading.com
Best of 2023: Detecting CVE-2023-23397: How to Identify Exploitation of the Latest Microsoft Outlook Vulnerability - As we close out 2023, we at Security Boulevard wanted to highlight the most popular articles of the year. Following is the latest in our series of the Best of 2023. Microsoft recently released patches for nearly 80 new security vulnerabilities, ...
5 months ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)