Intrusion PreventionMS.Outlook.CVE-2023-23397.Elevation.Of.Privilege
Description
This indicates an attack attempt to exploit an Elevation of Privilege vulnerability in Microsoft Outlook.
The vulnerability is due to a insufficient validation when parsing a crafted email. A remote attacker could exploit this to access a user's Net-NTLMv2 hash.
Outbreak Alert
CVE-2023-23397 is a critical elevation of privilege (EoP) vulnerability in Microsoft Outlook. It is a zero-touch exploit, meaning the security flaw requires no user interaction to be abused. All supported versions of Microsoft Outlook for Windows are affected including other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web.
Affected Products
Microsoft Outlook 2016 (64-bit edition)
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2019 for 32-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office 2019 for 64-bit editions
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Outlook 2016 (32-bit edition)
Microsoft Office LTSC 2021 for 32-bit editions
Impact
Privilege Escalation: Remote attackers can leverage their privileges on vulnerable systems.
Recommended Actions
Refer to the vendor's advisory for updates:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 52754 |
| Created | Mar 17, 2023 |
| Updated | Mar 20, 2024 |
| Outbreak Alert | Microsoft Outlook Elevation of Privilege |
| Risk |
|
| CVE ID | CVE-2023-23397 |
| Known Exploited | Yes |
| Exploit Prediction Score | 92.64% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | MS_Office, MS_Exchange, Other |