Hackers Actively Exploiting Outlook Privilege Escalation Flaw

Hackers target and exploit Outlook vulnerabilities because it is a widely used email platform, providing a large potential victim pool.
Exploiting vulnerabilities in Outlook allows hackers to:-.
In collaboration with the Polish Cyber Command, Microsoft takes action against the threat actors behind this Russian nation-state group, Forest Blizzard.
CVE-2023-23397 is marked as a critical Outlook vulnerability on Windows, and it's a privilege escalation vulnerability that allows threat actors to exploit a crafted message triggering Net-NTLMv2 hash leak to their controlled server.
This critical privilege escalation vulnerability has affected all the Outlook versions on Windows, but it didn't affect any version of the following platforms:-.
Utilizing Microsoft's TNEF, this technique employs Winmail.
Dat attachments to transmit formatted email messages, including attachments and Outlook-specific features.
Outlook on Windows allows users to set custom reminder sounds, affecting the PidLidReminderFileParameter MAPI property.
Threat actors exploit this, using tools like MFCMAPI to manipulate properties, deceive users, and leak the Net-NTLMv2 hash of the signed-in Windows user.
Initial access: Exchange Servers vulnerable to Net-NTLMv2 Relay attack.
The notable thing is that Azure AD, default for Exchange Online, is not directly susceptible, but a federated identity provider may be at risk.
Here below, we have mentioned all the recommendations provided by the cybersecurity researchers:-.
Make sure to update Microsoft Outlook promptly for mitigation.
Implement recommended security practices to mitigate the threat if immediate patching is not feasible.
Apply the latest security updates for on-premises Microsoft Exchange Server to activate defense-in-depth mitigations.
If suspicious reminder values are detected, use the script to remove messages or properties and initiate incident response as needed.
Reset passwords for targeted users who received suspicious reminders and initiate an incident response for affected accounts.
Mitigate the impact of Net-NTLMv2 Relay attacks with the implementation of multifactor authentication.
Make sure that all the unnecessary services are disabled on Exchange.
Control SMB traffic by blocking ports 135 and 445, allowing only specified IP addresses on the allowlist.


This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 06 Dec 2023 03:15:23 +0000


Cyber News related to Hackers Actively Exploiting Outlook Privilege Escalation Flaw

Russian hackers exploiting Outlook bug to hijack Exchange accounts - Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The targeted ...
11 months ago Bleepingcomputer.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
5 months ago Securityaffairs.com
Hackers Actively Exploiting Outlook Privilege Escalation Flaw - Hackers target and exploit Outlook vulnerabilities because it is a widely used email platform, providing a large potential victim pool. Exploiting vulnerabilities in Outlook allows hackers to:-. In collaboration with the Polish Cyber Command, ...
11 months ago Cybersecuritynews.com
Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
4 months ago Securityaffairs.com
Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
4 months ago Securityaffairs.com
Microsoft fixes Outlook Desktop crashes when sending emails - Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. These problems were first reported on Microsoft's community website and other social networks by customers saying they were ...
11 months ago Bleepingcomputer.com
Microsoft: Outlook clients not syncing over Exchange ActiveSync - Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update. Exchange ActiveSync is an Exchange synchronization protocol using HTTP and XML to let users ...
8 months ago Bleepingcomputer.com
Microsoft fixes connection issue affecting Outlook email apps - Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts. More details on how to use app passwords with apps without two-step verification support can be found in this support ...
9 months ago Bleepingcomputer.com
Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
5 months ago Securityaffairs.com
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
4 months ago Securityaffairs.com
Microsoft Outlook December updates trigger ICS security alerts - Microsoft is investigating an issue that triggers Outlook security alerts when trying to open. ICS calendar files after installing December 2023 Patch Tuesday Office security updates. The company also revealed that the security warning will be ...
9 months ago Bleepingcomputer.com
Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File - Researchers this week disclosed details on two security vulnerabilities in Microsoft Outlook that, when chained together, give attackers a way to execute arbitrary code on affected systems without any user interaction. Unusually, both of them can be ...
10 months ago Darkreading.com
Juniper Networks fixed a critical authentication bypass flaw in some of its routers - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 ...
4 months ago Securityaffairs.com
Russian military hackers target NATO fast reaction corps - Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. Researchers from Palo Alto Networks' Unit 42 have observed them exploiting the ...
11 months ago Bleepingcomputer.com
Akamai discloses zero-click exploit for Microsoft Outlook - While examining a previous bypass mitigation, Akamai Technologies discovered two new Windows vulnerabilities that could allow an attacker to create a zero-click exploit against Microsoft Outlook clients. In a two-part report published Monday, Akamai ...
10 months ago Techtarget.com
Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
4 months ago Securityaffairs.com
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
5 months ago Securityaffairs.com
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
5 months ago Securityaffairs.com
TA422 Hackers Attack Organizations Using Outlook & WinRAR Vulnerabilities - Hackers exploit Outlook and WinRAR vulnerabilities because these widely used software programs are lucrative targets. WinRAR vulnerabilities provide an entry point to manipulate compressed files, potentially executing malicious code on a victim's ...
11 months ago Gbhackers.com
CVE-2019-1205 - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security ...
5 months ago
CVE-2019-1201 - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security ...
5 months ago
Microsoft Might Be Sharing Your Outlook Emails Without Your Knowledge - Microsoft's data collection practices are under scrutiny, as a recent report suggests the Outlook for Windows app might be sharing more user information than expected. With this app now default on Windows 11, the impact could be widespread. ...
9 months ago Cysecurity.news
newsletter Round 474 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Critical Fortinet's ...
5 months ago Securityaffairs.com
Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug - An espionage group linked to the Russian military continues to use a zero-click vulnerability in Microsoft Outlook in attempts to compromise systems and gather intelligence from government agencies in NATO countries, as well as the United Arab ...
11 months ago Darkreading.com
CERT-UA warns of malware campaign conducted by threat actor UAC-0006 - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Recent DarkGate campaign exploited ...
5 months ago Securityaffairs.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)