msrc.microsoft.com Open in urlscan Pro
2620:1ec:4e:1::45  Public Scan

Form analysis
2 forms found in the DOM

Name: searchForm — GET https://www.microsoft.com/en-us/search/explore

<form class="c-search" autocomplete="off" id="searchForm" name="searchForm" role="search" action="https://www.microsoft.com/en-us/search/explore" method="GET"
  data-seautosuggest="{&quot;queryParams&quot;:{&quot;market&quot;:&quot;en-us&quot;,&quot;clientId&quot;:&quot;7F27B536-CF6B-4C65-8638-A0F8CBDFCA65&quot;,&quot;sources&quot;:&quot;Iris-Products,DCatAll-Products,Microsoft-Terms&quot;,&quot;filter&quot;:&quot;+ClientType:StoreWeb&quot;,&quot;counts&quot;:&quot;1,5,5&quot;},&quot;familyNames&quot;:{&quot;Apps&quot;:&quot;App&quot;,&quot;Books&quot;:&quot;Book&quot;,&quot;Bundles&quot;:&quot;Bundle&quot;,&quot;Devices&quot;:&quot;Device&quot;,&quot;Fees&quot;:&quot;Fee&quot;,&quot;Games&quot;:&quot;Game&quot;,&quot;MusicAlbums&quot;:&quot;Album&quot;,&quot;MusicTracks&quot;:&quot;Song&quot;,&quot;MusicVideos&quot;:&quot;Video&quot;,&quot;MusicArtists&quot;:&quot;Artist&quot;,&quot;OperatingSystem&quot;:&quot;Operating System&quot;,&quot;Software&quot;:&quot;Software&quot;,&quot;Movies&quot;:&quot;Movie&quot;,&quot;TV&quot;:&quot;TV&quot;,&quot;CSV&quot;:&quot;Gift Card&quot;,&quot;VideoActor&quot;:&quot;Actor&quot;}}"
  data-seautosuggestapi="https://www.microsoft.com/msstoreapiprod/api/autosuggest"
  data-m="{&quot;cN&quot;:&quot;GlobalNav_Search_cont&quot;,&quot;cT&quot;:&quot;Container&quot;,&quot;id&quot;:&quot;c3c1c9c2m1r1a1&quot;,&quot;sN&quot;:3,&quot;aN&quot;:&quot;c1c9c2m1r1a1&quot;}" aria-expanded="false" style="overflow-x: visible;">
  <div class="x-screen-reader" aria-live="assertive" style="overflow-x: visible;"></div>
  <div class="x-screen-reader" aria-live="assertive"></div>
  <input id="cli_shellHeaderSearchInput" aria-label="Search Expanded" aria-autocomplete="list" aria-expanded="false" aria-controls="universal-header-search-auto-suggest-transparent" aria-owns="universal-header-search-auto-suggest-ul" type="search"
    name="q" role="combobox" placeholder="Search Microsoft.com" data-m="{&quot;cN&quot;:&quot;SearchBox_nav&quot;,&quot;id&quot;:&quot;n1c3c1c9c2m1r1a1&quot;,&quot;sN&quot;:1,&quot;aN&quot;:&quot;c3c1c9c2m1r1a1&quot;}" data-toggle="tooltip"
    data-placement="right" title="Search Microsoft.com" style="overflow-x: visible;">
  <button id="search" aria-label="Search Microsoft.com" class="c-glyph" data-m="{&quot;cN&quot;:&quot;Search_nav&quot;,&quot;id&quot;:&quot;n2c3c1c9c2m1r1a1&quot;,&quot;sN&quot;:2,&quot;aN&quot;:&quot;c3c1c9c2m1r1a1&quot;}" data-bi-mto="true"
    aria-expanded="false" style="overflow-x: visible;">
    <span role="presentation" style="overflow-x: visible;">Search</span>
    <span role="tooltip" class="c-uhf-tooltip c-uhf-search-tooltip" style="overflow-x: visible;">Search Microsoft.com</span>
  </button>
  <div class="m-auto-suggest" id="universal-header-search-auto-suggest-transparent" role="group" style="overflow-x: visible;">
    <ul class="c-menu" id="universal-header-search-auto-suggest-ul" aria-label="Search Suggestions" aria-hidden="true" data-bi-dnt="true" data-bi-mto="true" data-js-auto-suggest-position="default" role="listbox" data-tel="jsll"
      data-m="{&quot;cN&quot;:&quot;search suggestions_cont&quot;,&quot;cT&quot;:&quot;Container&quot;,&quot;id&quot;:&quot;c3c3c1c9c2m1r1a1&quot;,&quot;sN&quot;:3,&quot;aN&quot;:&quot;c3c1c9c2m1r1a1&quot;}" style="overflow-x: visible;"></ul>
    <ul class="c-menu f-auto-suggest-no-results" aria-hidden="true" data-js-auto-suggest-postion="default" data-js-auto-suggest-position="default" role="listbox" style="overflow-x: visible;">
      <li class="c-menu-item" style="overflow-x: visible;"> <span tabindex="-1" style="overflow-x: visible;">No results</span></li>
    </ul>
  </div>
</form>

GET /blog/search/

<form action="/blog/search/" method="GET" role="search">
  <div class="input-group">
    <input class="form-control border-right-0" type="search" name="query" id="search-query" placeholder="Search blog posts">
    <div class="input-group-append">
      <button class="btn glyph-append glyph-append-search border-left-0 pl-2 border-neutral-400 bg-body" type="submit" aria-label="Search"></button>
    </div>
  </div>
</form>

Text Content

Skip to main content
Microsoft
MSRC
MSRC
MSRC
 * Home
 * Report an issue
    * Report Security Vulnerability
    * Report Abuse
    * Report Infringement
    * Submission FAQs

 * Customer guidance
    * Security Update Guide
    * Exploitability index
    * Developer API documentation
    * Frequently Asked Questions
    * Technical Security Notifications

 * Engage
    * Microsoft Bug Bounty Programs
    * Microsoft Active Protections Program
    * BlueHat Security Conference
    * Researcher Recognition Program
    * Windows Security Servicing Criteria

 * Who we are
    * Mission
    * Cyber Defense Operations Center
    * Coordinated Vulnerability Disclosure
    * Social

 * Blogs
    * Microsoft Security Response Center
    * Security Research & Defense
    * BlueHat Conference Blog

 * Acknowledgments
    * Security Researcher Acknowledgments
    * Online Services Researcher Acknowledgments
    * Security Researcher Leaderboard

 * More

 * All Microsoft
   
   
    * GLOBAL
      
      * Microsoft 365
      * Teams
      * Windows
      * Surface
      * Xbox
      * Deals
      * Small Business
      * Support
    * Software Software
      * Windows Apps
      * OneDrive
      * Outlook
      * Skype
      * OneNote
      * Microsoft Teams
      * Microsoft Edge
    * PCs & Devices PCs & Devices
      * Computers
      * Shop Xbox
      * Accessories
      * VR & mixed reality
      * Phones
    * Entertainment Entertainment
      * Xbox Game Pass Ultimate
      * PC Game Pass
      * Xbox games
      * PC games
      * Windows digital games
      * Movies & TV
    * Business Business
      * Microsoft Cloud
      * Microsoft Security
      * Dynamics 365
      * Microsoft 365 for business
      * Microsoft Power Platform
      * Windows 365
      * Microsoft Industry
      * Small Business
    * Developer & IT Developer & IT
      * Azure
      * Developer Center
      * Documentation
      * Microsoft Learn
      * Microsoft Tech Community
      * Azure Marketplace
      * AppSource
      * Visual Studio
    * Other Other
      * Microsoft Rewards
      * Free downloads & security
      * Education
      * Virtual workshops and training
      * Gift cards
      * Holiday gifts
      * Licensing
      * Microsoft Experience Center
    * View Sitemap


Search Search Microsoft.com
 * No results

Cancel

 * blog
 * 2023
 * 03
 * microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/


MICROSOFT MITIGATES OUTLOOK ELEVATION OF PRIVILEGE VULNERABILITY

MSRC
/ By MSRC / March 14, 2023 / 2 min read


SUMMARY SUMMARY

Microsoft Threat Intelligence discovered limited, targeted abuse of a
vulnerability in Microsoft Outlook for Windows that allows for new technology
LAN manager (NTLM) credential theft. Microsoft has released CVE-2023-23397 to
address the critical elevation of privilege (EoP) vulnerability affecting
Microsoft Outlook for Windows. We strongly recommend all customers update
Microsoft Outlook for Windows to remain secure.


IMPACTED PRODUCTS IMPACTED PRODUCTS

All supported versions of Microsoft Outlook for Windows are affected. Other
versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on
the web and other M365 services are not affected.


TECHNICAL DETAILS TECHNICAL DETAILS

CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is
triggered when an attacker sends a message with an extended MAPI property with a
UNC path to an SMB (TCP 445) share on a threat actor-controlled server. No user
interaction is required.

The threat actor is using a connection to the remote SMB server sends the user’s
NTLM negotiation message, which the attacker can then relay for authentication
against other systems that support NTLM authentication.


FIX FIX

Please refer to CVE-2023-23397 Outlook updates to address this vulnerability,
read FAQs, and additional mitigation details.

To address this vulnerability, you must install the Outlook security update,
regardless of where your mail is hosted (e.g., Exchange Online, Exchange Server,
some other platform) or your organization’s support for NTLM authentication.


IMPACT ASSESSMENT IMPACT ASSESSMENT

To determine if your organization was targeted by actors attempting to use this
vulnerability, Microsoft is providing documentation and a script at
https://aka.ms/CVE-2023-23397ScriptDoc.

Organizations should review the output of this script to determine risk. Tasks,
email messages and calendar items that are detected and point to an unrecognized
share should be reviewed to determine if they are malicious. If objects are
detected, they should be removed or clear the parameter.

If no objects are detected, it is unlikely the organization was targeted via
CVE-2023-23397.


ACKNOWLEDGEMENT ACKNOWLEDGEMENT

The Microsoft Incident Response team and Microsoft Threat Intelligence community
appreciate the opportunity to investigate the findings reported by CERT-UA.

Through joint efforts, Microsoft is aware of limited targeted attacks using this
vulnerability and initiated communication with the affected customers. Microsoft
Threat Intelligence assesses that a Russia-based threat actor used the exploit
patched in CVE-2023-23397 in targeted attacks against a limited number of
organizations in government, transportation, energy, and military sectors in
Europe.

We encourage all researchers to work with vendors under Coordinated
Vulnerability Disclosure (CVD).


REFERENCES REFERENCES

 * Visit the Security Update Guide for information about CVE-2023-23397

 * For more information, review the Exchange Team Blog  

 * Questions? Open a support case through the Azure Portal at aka.ms/azsupt

 * Outlook

--------------------------------------------------------------------------------

Previous Post


RELATED POSTS

 * マイクロソフトは Outlook の 特権昇格の脆弱性を緩和します
 * A new experience for reporting copyright or trademark infringement on
   Microsoft Services
 * Outlook の脆弱性を修正するセキュリティ更新プログラムを定例外で公開


Subscribe


CATEGORIES

 * MSRC (1027)
 * Japan Security Team (987)
 * Security Research & Defense (375)
 * BlueHat (183)
 * Microsoft Threat Hunting (3)


TAGS

 * セキュリティ情報 (464)
 * 脆弱性 (248)
 * アドバイザリ (163)
 * Internet Explorer (IE) (156)
 * Security Update (140)
 * Security Advisory (134)
 * Security Bulletin (133)
 * Mitigations (128)
 * Microsoft Windows (106)
 * Risk Asessment (104)
 * View all Tags


RECENT POSTS

 * Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
 * Azure Kubernetes Service (AKS) Threat Hunting
 * Configuring host-level audit logging for AKS VMSS
 * First steps in CHERIoT Security Research
 * New MSRC Blog Site


ARCHIVES

 * March 2023 (5)
 * February 2023 (6)
 * January 2023 (9)
 * December 2022 (3)
 * November 2022 (9)
 * View full Archive

What's new
 * Surface Pro 9
 * Surface Laptop 5
 * Surface Studio 2+
 * Surface Laptop Go 2
 * Surface Laptop Studio
 * Surface Duo 2
 * Microsoft 365
 * Windows 11 apps

Microsoft Store
 * Account profile
 * Download Center
 * Microsoft Store support
 * Returns
 * Order tracking
 * Personal shopping appointments
 * Microsoft Store Promise
 * Flexible Payments

Education
 * Microsoft in education
 * Devices for education
 * Microsoft Teams for Education
 * Microsoft 365 Education
 * Education consultation appointment
 * Educator training and development
 * Deals for students and parents
 * Azure for students

Business
 * Microsoft Cloud
 * Microsoft Security
 * Dynamics 365
 * Microsoft 365
 * Microsoft Power Platform
 * Microsoft Teams
 * Microsoft Industry
 * Small Business

Developer & IT
 * Azure
 * Developer Center
 * Documentation
 * Microsoft Learn
 * Microsoft Tech Community
 * Azure Marketplace
 * AppSource
 * Visual Studio

Company
 * Careers
 * About Microsoft
 * Company news
 * Privacy at Microsoft
 * Investors
 * Diversity and inclusion
 * Accessibility
 * Sustainability

English (United States)
 * Sitemap
 * Contact Microsoft
 * Privacy
 * Manage cookies
 * Terms of use
 * Trademarks
 * Safety & eco
 * About our ads
 * © Microsoft 2023