Attackers Exploit Outlook Clients

Microsoft recently reported that CVE-2023-23397, a critical Outlook vulnerability, is being exploited in the wild by a Russian state-sponsored threat actor known as Forest Blizzard.
This vulnerability allowed threat actors to extract NTLM credentials from an Outlook client as it established a connection to an attacker-controlled server.
It was also a zero-click vulnerability.
CVE-2023-23397 was patched as part of the March 2023 security patches.
A bypass for the patch released by Microsoft has since been discovered.
This bypass has been assigned CVE-2023-35384, with a severity score of 6.5.
In addition to this, a new remote code execution vulnerability, which exists in the Windows Media Foundation Core, has also been discovered.
This vulnerability has been assigned CVE-2023-36710, with a severity score of 7.8.
The bypass relies on CreateFile's path handling, in which a path separator can be either a forward slash or a backslash.
In other words, CreateFile treats the crafted input as a local Windows path, whereas MapUrlToZone treats it as a URL. An attacker can use this mismatch to load a malicious audio file into Outlook, bypassing the security patch.
A malicious audio file is played with the function mapWavePrepareHeader in the Audio Compression Manager.
This function is vulnerable to an integer overflow because it does not check the size of the stream.
An attacker can trigger the vulnerability with a malicious wave file whose size is greater than or equal to 0xffffff50.
According to the calculations, the smallest possible size with the IMA ADP codec is 1 GB.
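
The unchecked size arithmetic described above, next to a hardened form, as an added example that is not Microsoft's code or code from the original article. It is a simplified model: the 176-byte overhead is an assumption inferred from the article's threshold (0xffffff50 is exactly 2^32 - 176), and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed fixed overhead added to the stream size before allocation.
   Inferred from the article's threshold: 0xffffff50 + 176 == 2^32. */
#define HDR_OVERHEAD 176u

/* Unchecked pattern: the 32-bit sum silently wraps past UINT32_MAX. */
uint32_t alloc_size_unchecked(uint32_t stream_size) {
    return stream_size + HDR_OVERHEAD;
}

/* True when the wrapped allocation is smaller than the data it must hold,
   which is the condition that turns the overflow into memory corruption. */
bool allocation_undersized(uint32_t stream_size) {
    return alloc_size_unchecked(stream_size) < stream_size;
}

/* Hardened pattern: test against the limit before adding, so the sum
   itself can never wrap. Returns false and leaves *out untouched on reject. */
bool alloc_size_checked(uint32_t stream_size, uint32_t *out) {
    if (stream_size > UINT32_MAX - HDR_OVERHEAD)
        return false;
    *out = stream_size + HDR_OVERHEAD;
    return true;
}

int main(void) {
    /* Constructed sample sizes around the boundary named in the article. */
    const uint32_t sizes[] = { 0x1000u, 0xffffff4fu, 0xffffff50u, 0xffffffffu };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        uint32_t checked = 0;
        bool ok = alloc_size_checked(sizes[i], &checked);
        printf("stream=0x%08x unchecked=0x%08x undersized=%d checked=%s\n",
               (unsigned)sizes[i],
               (unsigned)alloc_size_unchecked(sizes[i]),
               (int)allocation_undersized(sizes[i]),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```
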
According to the reports shared with Cyber Security News, by combining these two vulnerabilities, an attacker can perform a zero-click remote code execution on a victim.
Although Microsoft has patched this vulnerability, bypass methods evidently remain available for threat actors to exploit it.
A complete report has been published by Akamai, providing detailed information about the Outlook vulnerability, source code, functions, workarounds, and other information.
Microsoft has also provided full guidance on detecting and mitigating the original Outlook vulnerability.
Every organization is advised to follow the steps provided and remediate the vulnerabilities to prevent them from being exploited.


This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 19 Dec 2023 13:05:04 +0000

