CyberSecurityBoard
Sponsor Register Login

Attackers Exploit Outlook Clients

Microsoft recently reported that CVE-2023-23397, a critical Outlook vulnerability, is currently being exploited in the wild by a Russian-state-sponsored threat actor known as Forrest Blizzard.
This vulnerability allowed threat actors to exploit an Outlook client by extracting NTLM credentials while establishing a connection to the attacker-controlled server.
This vulnerability was also known to be a zero-click vulnerability.
CVE-2023-23397 was patched as part of the March 2023 security patches.
A new bypass has been discovered as a workaround for the patch released by Microsoft.
This bypass has been assigned with CVE-2023-35384 and severity as 6.5.
In addition to this, a new remote code execution vulnerability, which exists in the Windows Media Foundation Core, has also been discovered.
This vulnerability has been assigned with CVE-2023-36710, and the severity has been given as 7.8.
This vulnerability exists in the CreateFile, in which a path separator can either be a forward slash or a backward slash.
In other words, CreateFile treats the crafted input as a Windows Local Path, whereas MapUrlToZone treats it as a URL. This can be leveraged as an advantage to load a malicious audio file into Outlook as a means of bypassing the security patch.
A malicious audio file is played with the function mapWavePrepareHeader in the Audio Compression Manager.
This function is vulnerable to an integer overflow attack as the function does not check for the size of the stream.
An attacker can use a malicious wave file with a size bigger or equal to 0xffffff50, which could result in exploiting this vulnerability.
The smallest possible size with IMA ADP code is 1 GB, according to the calculations.
According to the reports shared with Cyber Security News, by combining these two vulnerabilities, an attacker can perform a zero-click remote code execution on a victim.
Although Microsoft has patched this vulnerability, it is still evident that there are bypass methods for threat actors to exploit this vulnerability.
A complete report has been published by Akamai, providing detailed information about the Outlook vulnerability, source code, functions, workarounds, and other information.
Microsoft has also provided full guidance on detecting and mitigating the original Outlook vulnerability.
It is recommended for every organization to follow the steps provided and remediate the vulnerabilities to prevent them from getting exploited.


This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 19 Dec 2023 13:05:04 +0000


Cyber News related to Attackers Exploit Outlook Clients

Microsoft says button to restore classic Outlook is broken - Since the beginning of the year, it has addressed other Outlook issues, including one that causes classic Outlook to crash when writing, replying to, or forwarding an email, and another one that led to Classic Outlook and Microsoft 365 applications ...
2 weeks ago Bleepingcomputer.com
Microsoft: Outlook clients not syncing over Exchange ActiveSync - Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update. Exchange ActiveSync is an Exchange synchronization protocol using HTTP and XML to let users ...
1 year ago Bleepingcomputer.com
Microsoft fixes Outlook Desktop crashes when sending emails - Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. These problems were first reported on Microsoft's community website and other social networks by customers saying they were ...
1 year ago Bleepingcomputer.com
Microsoft fixes connection issue affecting Outlook email apps - Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts. More details on how to use app passwords with apps without two-step verification support can be found in this support ...
1 year ago Bleepingcomputer.com
Microsoft Outlook December updates trigger ICS security alerts - Microsoft is investigating an issue that triggers Outlook security alerts when trying to open. ICS calendar files after installing December 2023 Patch Tuesday Office security updates. The company also revealed that the security warning will be ...
1 year ago Bleepingcomputer.com CVE-2023-35636
Microsoft fixes button that restores classic Outlook client - Since the start of the year, it has fixed other Outlook issues, including one that led to Classic Outlook and Microsoft 365 applications crashing on Windows Server 2016 or Windows Server 2019 systems and another one that triggers classic Outlook ...
4 days ago Bleepingcomputer.com
Akamai discloses zero-click exploit for Microsoft Outlook - While examining a previous bypass mitigation, Akamai Technologies discovered two new Windows vulnerabilities that could allow an attacker to create a zero-click exploit against Microsoft Outlook clients. In a two-part report published Monday, Akamai ...
1 year ago Techtarget.com CVE-2023-35384 CVE-2023-36710 CVE-2023-23397 CVE-2023-29324
Microsoft fixes Outlook drag-and-drop broken by Windows updates - "After installing the January 2025 Windows non-security preview update and subsequent updates on devices running Windows 11, version 24H2, you may find that you are not able to drag and drop emails or calendar items to folders in classic Outlook," ...
1 month ago Bleepingcomputer.com
CVE-2019-1205 - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security ...
10 months ago
CVE-2019-1201 - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security ...
10 months ago
Microsoft Might Be Sharing Your Outlook Emails Without Your Knowledge - Microsoft's data collection practices are under scrutiny, as a recent report suggests the Outlook for Windows app might be sharing more user information than expected. With this app now default on Windows 11, the impact could be widespread. ...
1 year ago Cysecurity.news
Microsoft: Outlook email sending issues for users with lots of folders - Microsoft has acknowledged a new issue affecting Outlook for Microsoft 365 users and causing email-sending problems for those with too many nested folders. According to Redmond, this is likely related to an older issue concerning mailboxes with more ...
1 year ago Bleepingcomputer.com
Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug - An espionage group linked to the Russian military continues to use a zero-click vulnerability in Microsoft Outlook in attempts to compromise systems and gather intelligence from government agencies in NATO countries, as well as the United Arab ...
1 year ago Darkreading.com CVE-2023-23397 Fancy Bear APT28
How to Encrypt Emails in Outlook? - If you are sending out a confidential email and are scared of its content getting tampered with in transit, then you should learn how to encrypt an email in Outlook. As of 2023, the global email encryption market size is USD 6.2 billion, which is ...
1 year ago Securityboulevard.com
Microsoft fixes Outlook email sending issue for users with many folders - ​Microsoft has fixed a known issue affecting Outlook for Microsoft 365 users that caused problems sending emails for those with too many nested folders. In August, Microsoft also shared temporary workarounds for known issues triggering Gmail ...
6 months ago Bleepingcomputer.com
Hackers Actively Exploiting Outlook Privilege Escalation Flaw - Hackers target and exploit Outlook vulnerabilities because it is a widely used email platform, providing a large potential victim pool. Exploiting vulnerabilities in Outlook allows hackers to:-. In collaboration with the Polish Cyber Command, ...
1 year ago Cybersecuritynews.com CVE-2023-23397
Marketing Strategies for PaaS Services: Get Ahead of the Curve - With the ever-growing demand for cloud-based performance and services, Platform-as-a-Service (PaaS) is becoming increasingly critical for modern software development. PaaS is a cloud-based platform, providing businesses with an integrated suite of ...
2 years ago Hackread.com
Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File - Researchers this week disclosed details on two security vulnerabilities in Microsoft Outlook that, when chained together, give attackers a way to execute arbitrary code on affected systems without any user interaction. Unusually, both of them can be ...
1 year ago Darkreading.com CVE-2023-35384 CVE-2023-23397 Fancy Bear
Russian hackers exploiting Outlook bug to hijack Exchange accounts - Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The targeted ...
1 year ago Bleepingcomputer.com CVE-2023-23397 CVE-2023-38831 CVE-2021-40444 APT28
Strela Stealer Malware Attacking Microsoft Outlook Users To Steal Login Credentials - The Strela Stealer, named after the Russian word for “Arrow,” has been actively targeting systems since late 2022, with a precise focus on exfiltrating email credentials from both Microsoft Outlook and Mozilla Thunderbird email clients. ...
3 weeks ago Cybersecuritynews.com
Best of 2023: Detecting CVE-2023-23397: How to Identify Exploitation of the Latest Microsoft Outlook Vulnerability - As we close out 2023, we at Security Boulevard wanted to highlight the most popular articles of the year. Following is the latest in our series of the Best of 2023. Microsoft recently released patches for nearly 80 new security vulnerabilities, ...
1 year ago Securityboulevard.com CVE-2023-23397 CVE-2023-24880
Attackers Exploit Outlook Clients - Microsoft recently reported that CVE-2023-23397, a critical Outlook vulnerability, is currently being exploited in the wild by a Russian-state-sponsored threat actor known as Forrest Blizzard. This vulnerability allowed threat actors to exploit an ...
1 year ago Cybersecuritynews.com CVE-2023-23397 CVE-2023-35384 CVE-2023-36710
CVE-2017-8663 - Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code execution vulnerability due to the way Microsoft Outlook parses specially crafted email ...
3 years ago
TA422 Hackers Attack Organizations Using Outlook & WinRAR Vulnerabilities - Hackers exploit Outlook and WinRAR vulnerabilities because these widely used software programs are lucrative targets. WinRAR vulnerabilities provide an entry point to manipulate compressed files, potentially executing malicious code on a victim's ...
1 year ago Gbhackers.com CVE-2023-23397 CVE-2023-38831 CVE-2023-32231
Outlook Plays Attacker Tunes: Vulnerability Chain Leading to Zero-Click RCE - Security researchers at Akamai are sharing details on multiple bypasses for patches Microsoft released for an Outlook zero-click remote code execution vulnerability earlier this year. The original issue, tracked as CVE-2023-23397, was patched by ...
1 year ago Securityweek.com CVE-2023-23397 CVE-2023-29324 CVE-2023-35384 CVE-2023-36710

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)