www.trendmicro.com
Open in
urlscan Pro
23.56.204.250
Public Scan
URL:
https://www.trendmicro.com/en_us/research/23/c/patch-cve-2023-23397-immediately-what-you-need-to-know-and-do.html
Submission: On April 02 via api from SA — Scanned from DE
Submission: On April 02 via api from SA — Scanned from DE
Form analysis 3 forms found in the DOM
<form class="main-menu-search" aria-label="Search Trend Micro">
<div class="main-menu-search__field-wrapper" id="cludo-search-form">
<table cellspacing="0" cellpadding="0" class="gsc-search-box" style="width:100%">
<tbody>
<tr>
<td class="gsc-input">
<input type="text" size="10" class="gsc-input" name="search" title="search" placeholder="Search Trend Micro" autocomplete="off">
</td>
</tr>
</tbody>
</table>
</div>
</form><form class="main-menu-search" aria-label="Search Trend Micro">
<div class="main-menu-search__field-wrapper" id="cludo-search-form-mobile">
<table cellspacing="0" cellpadding="0" class="gsc-search-box" style="width:100%">
<tbody>
<tr>
<td class="gsc-input">
<input type="text" size="10" class="gsc-input" name="search" title="search" placeholder="Search Trend Micro" autocomplete="off">
</td>
<td class="gsc-search-close collapsed" style="width:1%;" data-target="#search-mobile-wrapper" data-toggle="collapse">
<span class="icon-close"></span>
</td>
</tr>
</tbody>
</table>
</div>
</form>POST #
<form class="acsb-form" data-acsb-search="form" enctype="multipart/form-data" action="#" method="POST"> <input type="text" tabindex="0" name="acsb_search" autocomplete="off" placeholder="Unclear content? Search in dictionary..."
aria-label="Unclear content? Search in dictionary..."> <i class="acsbi-search"></i> <i class="acsbi-chevron_down"></i> </form>Text Content
Use Website In a Screen-Reader Mode
Skip to Content
↵ENTER
Skip to Menu
↵ENTER
Skip to Footer
↵ENTER
dismiss
0 Alerts
undefined
* No new notifications at this time.
Download
* Scan Engines
* All Pattern Files
* All Downloads
* Subscribe to Download Center RSS
Buy
* Find a Partner
* Home Office Online Store
* Renew Online
* Free Tools
* Contact Sales
* Locations Worldwide
* 1-888-762-8736 (M-F 8am - 5pm CST)
* Small Business
* Buy Online
* Renew Online
Region
* The Americas
* United States
* Brasil
* Canada
* México
* Middle East & Africa
* South Africa
* Middle East and North Africa
* Europe
* België (Belgium)
* Česká Republika
* Danmark
* Deutschland, Österreich Schweiz
* España
* France
* Ireland
* Italia
* Nederland
* Norge (Norway)
* Polska (Poland)
* Suomi (Finland)
* Sverige (Sweden)
* Türkiye (Turkey)
* United Kingdom
* Asia & Pacific
* Australia
* Центральная Азия (Central Asia)
* Hong Kong (English)
* 香港 (中文) (Hong Kong)
* भारत गणराज्य (India)
* Indonesia
* 日本 (Japan)
* 대한민국 (South Korea)
* Malaysia
* Монголия (Mongolia) and рузия (Georgia)
* New Zealand
* Philippines
* Singapore
* 台灣 (Taiwan)
* ประเทศไทย (Thailand)
* Việt Nam
Log In
* Business Support Portal
* Log In to Support
* Partner Portal
* Home Solutions
* My Account
* Lost Device Portal
* Trend Micro Vault
* Password Manager
* Customer Licensing Portal
* Online Case Tracking
* Worry-Free Business Security Services
* Remote Manager
* Cloud One
* Referral Affiliate
* Referral Affiliate
Free trials
* Cloud
* Detection and Response
* User Protection
Folio (0)
Contact Us
* Contact Sales
* Locations
* Support
* Find a Partner
* Learn of upcoming events
* Social Media Networks
* Facebook
* Twitter
* Linkedin
* Youtube
* Instagram
* 1-888-762-8736 (M-F 8-5 CST)
Business
Solutions Solutions
Platform
Trend Micro One
By Challenge
Understand, Prioritize & Mitigate Risks
Secure Cloud-Native Apps
Hybrid cloud transformation
Securing your workforce infrastructure
Eliminate network blindspots
See more and respond faster
Threats Agilely to Extending your team resources
By Role
CISO/CIO
SOC Manager
Infrastructure Manager
Cloud Builder and Developer
Cloud Security Ops
By Industry
Healthcare
Manufacturing
Oil & Gas
Electric Utility
Federal
Automotive
5G Networks
Products Products
Cloud Security
Cloud Security Overview
Workload Security
Cloud Security Posture Management
Container Security
File Storage Security
Endpoint Security
Network Security
Open Source Security
Cloud Visibility
Network Security
Network Security Overview
Network Intrusion Prevention (IPS)
Breach Detection System (BDS)
Secure Service Edge (SSE)
OT & ICS Security
Endpoint & Email Security
Endpoint & Email Security Overview
Endpoint Protection
Email Security
Mobile Security
Security Operations
Security Operations Overview
Attack Surface Management
XDR (Extended Detection & Response)
Threat Intelligence
All Products & Trials
Our Unified Platform
Service Packages
Small & Midsize Business Security
Services Services
Our Services
Service Packages
Managed XDR
Support Services
Research Research
Research
About Our Research
Research, News and Perspectives
Research and Analysis
Blog
Security Reports
Security News
Zero Day Initiatives (ZDI)
Resources
CISO Resource Center
DevOps Resource Center
Cyber Risk Index/Assessment
Threat Encyclopedia
What Is?
Glossary of Terms
EXPLORE THE CYBER RISK INDEX (CRI)
Use the CRI to assess your organization’s preparedness against attacks, and get
a snapshot of cyber risk across organizations globally.
Calculate your risk
Partners Partners
Channel Partners
Channel Partner Overview
Managed Service Provider
Cloud Service Provider
Professional Services
Resellers
Marketplace
System Integrators
Alliance Partners
Alliance Overview
Technology Alliance Partners
Our Alliance Partners
Partner Tools
Partner Login
Education and Certification
Partner Successes
Distributors
Find a Partner
About About
Why Trend Micro
The Trend Micro Difference
Customer Success Stories
The Human Connections
Industry Accolades
Strategic Alliances
Company
Trust Center
History
Diversity, Equity & Inclusion
Corporate Social Responsibility
Leadership
Security Experts
Internet Safety and Cybersecurity Education
Legal
Resources
Newsroom
Events
Investors
Careers
Webinars
×
Folio (0)
0 Alerts
undefined
* No new notifications at this time.
Download
* Scan Engines
* All Pattern Files
* All Downloads
* Subscribe to Download Center RSS
Buy
* Find a Partner
* Home Office Online Store
* Renew Online
* Free Tools
* Contact Sales
* Locations Worldwide
* 1-888-762-8736 (M-F 8am - 5pm CST)
* Small Business
* Buy Online
* Renew Online
Region
* The Americas
* United States
* Brasil
* Canada
* México
* Middle East & Africa
* South Africa
* Middle East and North Africa
* Europe
* België (Belgium)
* Česká Republika
* Danmark
* Deutschland, Österreich Schweiz
* España
* France
* Ireland
* Italia
* Nederland
* Norge (Norway)
* Polska (Poland)
* Suomi (Finland)
* Sverige (Sweden)
* Türkiye (Turkey)
* United Kingdom
* Asia & Pacific
* Australia
* Центральная Азия (Central Asia)
* Hong Kong (English)
* 香港 (中文) (Hong Kong)
* भारत गणराज्य (India)
* Indonesia
* 日本 (Japan)
* 대한민국 (South Korea)
* Malaysia
* Монголия (Mongolia) and рузия (Georgia)
* New Zealand
* Philippines
* Singapore
* 台灣 (Taiwan)
* ประเทศไทย (Thailand)
* Việt Nam
Log In
* Business Support Portal
* Log In to Support
* Partner Portal
* Home Solutions
* My Account
* Lost Device Portal
* Trend Micro Vault
* Password Manager
* Customer Licensing Portal
* Online Case Tracking
* Worry-Free Business Security Services
* Remote Manager
* Cloud One
* Referral Affiliate
* Referral Affiliate
Free trials
* Cloud
* Detection and Response
* User Protection
Folio (0)
Contact Us
* Contact Sales
* Locations
* Support
* Find a Partner
* Learn of upcoming events
* Social Media Networks
* Facebook
* Twitter
* Linkedin
* Youtube
* Instagram
* 1-888-762-8736 (M-F 8-5 CST)
* No new notifications at this time.
* No new notifications at this time.
* Scan Engines
* All Pattern Files
* All Downloads
* Subscribe to Download Center RSS
* Find a Partner
* Home Office Online Store
* Renew Online
* Free Tools
* Contact Sales
* Locations Worldwide
* 1-888-762-8736 (M-F 8am - 5pm CST)
* Small Business
* Buy Online
* Renew Online
* The Americas
* United States
* Brasil
* Canada
* México
* Middle East & Africa
* South Africa
* Middle East and North Africa
* Europe
* België (Belgium)
* Česká Republika
* Danmark
* Deutschland, Österreich Schweiz
* España
* France
* Ireland
* Italia
* Nederland
* Norge (Norway)
* Polska (Poland)
* Suomi (Finland)
* Sverige (Sweden)
* Türkiye (Turkey)
* United Kingdom
* Asia & Pacific
* Australia
* Центральная Азия (Central Asia)
* Hong Kong (English)
* 香港 (中文) (Hong Kong)
* भारत गणराज्य (India)
* Indonesia
* 日本 (Japan)
* 대한민국 (South Korea)
* Malaysia
* Монголия (Mongolia) and рузия (Georgia)
* New Zealand
* Philippines
* Singapore
* 台灣 (Taiwan)
* ประเทศไทย (Thailand)
* Việt Nam
* Business Support Portal
* Log In to Support
* Partner Portal
* Home Solutions
* My Account
* Lost Device Portal
* Trend Micro Vault
* Password Manager
* Customer Licensing Portal
* Online Case Tracking
* Worry-Free Business Security Services
* Remote Manager
* Cloud One
* Referral Affiliate
* Referral Affiliate
* Cloud
* Detection and Response
* User Protection
* Contact Sales
* Locations
* Support
* Find a Partner
* Learn of upcoming events
* Social Media Networks
* Facebook
* Twitter
* Linkedin
* Youtube
* Instagram
* 1-888-762-8736 (M-F 8-5 CST)
undefined
Exploits & Vulnerabilities
Patch CVE-2023-23397 Immediately: What You Need To Know and Do
Subscribe
Content added to Folio
Folio (0) close
Exploits & Vulnerabilities
PATCH CVE-2023-23397 IMMEDIATELY: WHAT YOU NEED TO KNOW AND DO
We break down the basic information of CVE-2023-23397, the zero-day, zero-touch
vulnerability that was rated 9.8 on the Common Vulnerability Scoring System
(CVSS) scale.
By: Trend Micro March 21, 2023 Read time: 5 min (1237 words)
Save to Folio
Subscribe
--------------------------------------------------------------------------------
Update as of 03/22/3023 2:50PM PHT: Updated the prevention and mitigation
section for an additional step.
CVE-2023-23397 is a critical privilege elevation/authentication bypass
vulnerability in Outlook, released as part of the March Patch Tuesday set of
fixes. The vulnerability, which affects all versions of Windows Outlook, was
given a 9.8 CVSS rating and is one of two zero-day exploits disclosed on March
14. We summarize the points that security teams need to know about this
vulnerability and how they can mitigate the risks of this gap.
What is it?
CVE-2023-23397 is an elevation of privilege (EoP) vulnerability in Microsoft
Outlook. It is a zero-touch exploit, meaning the security gap requires low
complexity to abuse and requires no user interaction.
Figure 1. General exploitation routine of CVE-2023-23397
How is CVE-2023-23397 exploited?
The attacker sends a message to the victim with an extended Message Application
Program Interface (MAPI) property with a Universal Naming Convention (UNC) path
to a remote attacker-controlled Server Message Block (SMB, via TCP 445).
Share-hosted on a server controlled by the attacker, the vulnerability is
exploited whether the recipient has seen the message or not. The attacker
remotely sends a malicious calendar invite represented by .msg — the message
format that supports reminders in Outlook — to trigger the vulnerable API
endpoint PlayReminderSound using “PidLidReminderFileParameter” (the custom alert
sound option for reminders).
When the victim connects to the attacker’s SMB server, the connection to the
remote server sends the user’s New Technology LAN Manager (NTLM) negotiation
message automatically, which the attacker can use for authentication against
other systems that support NTLM authentication.
NTLMv2 hashes are the latest protocol Windows uses for authentication, and it is
used for a number of services with each response containing a hashed
representation of users’ information, such as the username and password. As
such, threat actors can attempt a NTLM relay attack to gain access to other
services, or a full compromise of domains if the compromised users are admins.
While online services such as Microsoft 365 are not susceptible to this attack
because they do not support NTLM authentication, the Microsoft 365 Windows
Outlook app is still vulnerable.
HOW EASY IS IT TO EXPLOIT?
User interaction is not necessary to trigger (even before message preview) it,
nor does it require high privileges. CVE-2023-23397 is a zero-touch
vulnerability that is triggered when the victim client is prompted and notified
(e.g., when an appointment or task prompts five minutes before the designated
time). It is difficult to block outbound SMB traffic for remote users. The
attacker could use the same credentials to gain access to other resources. We
elaborate on this example in our webinar (at 04:23 of the video).
IS IT IN THE WILD? WHAT VERSIONS AND OPERATING SYSTEMS (OS) ARE AFFECTED?
There have been reports of limited attacks abusing this gap. Microsoft has been
coordinating with the affected victims to remediate this concern. All supported
versions of Microsoft Outlook for Windows are affected. Other versions of
Microsoft Outlook, such as Android, iOS, Mac, as well as Outlook on the web and
other M365 services, are not affected.
WHAT ARE THE POSSIBLE ATTACK SCENARIOS?
Figure 2. Beyond the exploit use scenario 1: Data and information theft via NTLM
relay attack
1. Lateral movement, malicious navigation using the relayed NTLM hashes
Relay attacks gained notoriety as a use case for Mimikatz using the NTLM
credential dumping routine via the sekurlsa module. In addition, pass-the-hat
(PtH) (or pass-the hash) attacks and variations of data and information theft
can be done. Once attackers are in the system, they can use the network for
lateral movement and navigate the organization’s lines over SMB.
Figure 3. Beyond the exploit use scenario 2: WebDAV directory traversal for
remote code execution (RCE)
2. WebDAV directory traversal for payload attacker routines
It’s possible for an attacker to leverage WebDAV services in cases where no
valid SMB service for Outlook exists (i.e., is not configured) in the client.
This is an alternative to the Web/HTTP service that can also be read as a UNC
path by .msg and/or Outlook Calendar items. Attackers can set up a malicious
WebDAV server to respond to affected victim clients with malicious pages. These
pages may contain code that can range from leveraging a directory traversal
technique similar to the Microsoft vulnerability CVE-2022-34713 (dubbed as
DogWalk) to push any form of payload for remote code execution such as
webshells.
WHAT CAN I DO TO PREVENT AND MITIGATE THE RISK OF EXPLOITATION OF
CVE-2023-23397?
Here are some steps that security administrators can perform to reduce the risk
of exploitation of CVE-2023-23397:
* Apply the vendor patches immediately. Microsoft has released a patch as part
of their March 2023 Monthly Security Update.
* Block TCP 445/SMB outbound from your network. This will prevent the sending
of NTLM authentication messages to remote file shares. If this cannot be
done, we recommend monitoring outbound traffic over port 445 for unknown
external IP addresses, then identifying and blocking them.
* Customers can disable the WebClient service. Note that this will block all
WebDAV connections, including intranet.
* Add users to the Protected Users Security Group. This prevents the use of
NTLM as an authentication mechanism, but note that this could impact
applications that rely on NTLM in your environment.
* Enforce SMB signing on clients and servers to prevent a relay attack.
* Other researchers have noted that disabling the "Show reminders" setting in
Outlook can prevent the leak of NTLM credentials.
HOW CAN I CHECK IF I’M AFFECTED?
Microsoft has provided a PowerShell script as a solution to the issue. The
script is designed to scan emails, calendar entries, and task items, and to
verify if they have the “PidLidReminderFileParameter” property. By running the
script, administrators can locate problematic items that have this property and
subsequently remove them or delete them permanently. Download the script here:
https://github.com/microsoft/CSS-Exchange/blob/a4c096e8b6e6eddeba2f42910f165681ed64adf7/docs/Security/CVE-2023-23397.md.
WHICH TREND MICRO SOLUTIONS CAN ADDRESS THIS VULNERABILITY?
* Trend Micro Malware Detection Patterns (VSAPI, Predictive Learning,
Behavioral Monitoring and Web Reputation Service) for Endpoint, Servers,
Mail, and Gateway (e.g., Apex One, Worry-Free Business Security Services,
Worry-Free Business Security Standard/Advanced, Deep Security with
anti-malware, etc.):
* Starting with Trend Micro Smart Scan Pattern version 21474.296.07, known
exploits associated with this vulnerability are being detected
as Trojan.Win32.CVE202323397.
* Trend Micro Vision One: Use this solution as an investigation tool. In the
“Search App,” select “Endpoint Activity Data” and enter the following query:
- dpt: 445 AND eventSubId: 204 AND processCmd: *OUTLOOK*. This can be saved
and added to a watchlist if desired.
* Cloud One Workload Security and Deep Security: IPS Rule 1009058, which will
need to be changed to Prevent.
* TippingPoint Filters:
* 28471 SMB: SMBv1 Successful Protocol Negotiation
* 28472 SMB: SMBv2 Successful Protocol Negotiation
* Please note: Enabling these filters in Block mode will interrupt legitimate
SMB traffic. Customers are advised to add exceptions for their Private IP
address space.
* Trend Micro Deep Discovery Inspector: Rule 4479 NTLM v1 Authentication - SMB
(Request).
* If NTLM v1 is configured by default, customers can use this rule to monitor
attempts for outgoing NTLM handshakes. Please note this rule only detects
and does not block, so it is best used as an investigative tool for
follow-up.
Details for all available Trend Micro solutions are available here:
https://success.trendmicro.com/dcx/s/solution/000292525?language=en_US.
To learn more about this vulnerability, you may view our technical webinar here:
https://www.youtube.com/watch?v=j44vIhklTp4
Tags
Cloud | Exploits & Vulnerabilities | Cyber Threats | Data center | Endpoints |
APT & Targeted Attacks | Network | Articles, News, Reports
AUTHORS
* Trend Micro
Research, News, and Perspectives
Contact Us
Subscribe
RELATED ARTICLES
* Preventing and Detecting Attacks Involving 3CX Desktop App
* S4x23 Review Part 4: Cybersecurity for Industrial IoT
* Fighting mercenaries with the Cybersecurity Tech Accord
See all articles
* Contact Sales
* Locations
* Careers
* Newsroom
* Trust Center
* Privacy
* Accessibility
* Support
* Site map
* linkedin
* twitter
* facebook
* youtube
* instagram
* rss
Copyright © 2023 Trend Micro Incorporated. All rights reserved.
sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk
This website uses cookies for website functionality, traffic analytics,
personalization, social media functionality and advertising. Our Cookie Notice
provides more information and explains how to amend your cookie settings.Learn
more
Cookies Settings Accept
English
Accessibility Adjustments
Reset Settings Statement Hide Interface
Choose the right accessibility profile for you
OFF ON
Seizure Safe Profile Clear flashes & reduces color
This profile enables epileptic and seizure prone users to browse safely by
eliminating the risk of seizures that result from flashing or blinking
animations and risky color combinations.
OFF ON
Vision Impaired Profile Enhances website's visuals
This profile adjusts the website, so that it is accessible to the majority of
visual impairments such as Degrading Eyesight, Tunnel Vision, Cataract,
Glaucoma, and others.
OFF ON
ADHD Friendly Profile More focus & fewer distractions
This profile significantly reduces distractions, to help people with ADHD and
Neurodevelopmental disorders browse, read, and focus on the essential elements
of the website more easily.
OFF ON
Cognitive Disability Profile Assists with reading & focusing
This profile provides various assistive features to help users with cognitive
disabilities such as Autism, Dyslexia, CVA, and others, to focus on the
essential elements of the website more easily.
OFF ON
Keyboard Navigation (Motor) Use website with the keyboard
This profile enables motor-impaired persons to operate the website using the
keyboard Tab, Shift+Tab, and the Enter keys. Users can also use shortcuts such
as “M” (menus), “H” (headings), “F” (forms), “B” (buttons), and “G” (graphics)
to jump to specific elements.
Note: This profile prompts automatically for keyboard users.
OFF ON
Blind Users (Screen Reader) Optimize website for screen-readers
This profile adjusts the website to be compatible with screen-readers such as
JAWS, NVDA, VoiceOver, and TalkBack. A screen-reader is software that is
installed on the blind user’s computer and smartphone, and websites should
ensure compatibility with it.
Note: This profile prompts automatically to screen-readers.
Content Adjustments
Content Scaling
Default
Readable Font
Highlight Titles
Highlight Links
Text Magnifier
Adjust Font Sizing
Default
Align Center
Adjust Line Height
Default
Align Left
Adjust Letter Spacing
Default
Align Right
Color Adjustments
Dark Contrast
Light Contrast
High Contrast
High Saturation
Adjust Text Colors
Cancel
Monochrome
Adjust Title Colors
Cancel
Low Saturation
Adjust Background Colors
Cancel
Orientation Adjustments
Mute Sounds
Hide Images
Read Mode
Reading Guide
Useful Links
Select an option Home Header Footer Main Content
Stop Animations
Reading Mask
Highlight Hover
Highlight Focus
Big Black Cursor
Big White Cursor
HIDDEN_ADJUSTMENTS
Keyboard Navigation
Accessible Mode
Screen Reader Adjustments
Read Mode
Web Accessibility By
Learn More
Choose the Interface Language
English
Español
Deutsch
Português
Français
Italiano
עברית
繁體中文
Pусский
عربى
عربى
Nederlands
繁體中文
日本語
Polski
Türk
Accessibility StatementCompliance status
We firmly believe that the internet should be available and accessible to anyone
and are committed to providing a website that is accessible to the broadest
possible audience, regardless of ability.
To fulfill this, we aim to adhere as strictly as possible to the World Wide Web
Consortium’s (W3C) Web Content Accessibility Guidelines 2.1 (WCAG 2.1) at the AA
level. These guidelines explain how to make web content accessible to people
with a wide array of disabilities. Complying with those guidelines helps us
ensure that the website is accessible to blind people, people with motor
impairments, visual impairment, cognitive disabilities, and more.
This website utilizes various technologies that are meant to make it as
accessible as possible at all times. We utilize an accessibility interface that
allows persons with specific disabilities to adjust the website’s UI (user
interface) and design it to their personal needs.
Additionally, the website utilizes an AI-based application that runs in the
background and optimizes its accessibility level constantly. This application
remediates the website’s HTML, adapts its functionality and behavior for
screen-readers used by blind users, and for keyboard functions used by
individuals with motor impairments.
If you wish to contact the website’s owner please use the website's form
Screen-reader and keyboard navigation
Our website implements the ARIA attributes (Accessible Rich Internet
Applications) technique, alongside various behavioral changes, to ensure blind
users visiting with screen-readers can read, comprehend, and enjoy the website’s
functions. As soon as a user with a screen-reader enters your site, they
immediately receive a prompt to enter the Screen-Reader Profile so they can
browse and operate your site effectively. Here’s how our website covers some of
the most important screen-reader requirements:
1. Screen-reader optimization: we run a process that learns the website’s
components from top to bottom, to ensure ongoing compliance even when
updating the website. In this process, we provide screen-readers with
meaningful data using the ARIA set of attributes. For example, we provide
accurate form labels; descriptions for actionable icons (social media icons,
search icons, cart icons, etc.); validation guidance for form inputs;
element roles such as buttons, menus, modal dialogues (popups), and others.
Additionally, the background process scans all of the website’s images. It
provides an accurate and meaningful image-object-recognition-based
description as an ALT (alternate text) tag for images that are not
described. It will also extract texts embedded within the image using an OCR
(optical character recognition) technology. To turn on screen-reader
adjustments at any time, users need only to press the Alt+1 keyboard
combination. Screen-reader users also get automatic announcements to turn
the Screen-reader mode on as soon as they enter the website.
These adjustments are compatible with popular screen readers such as JAWS,
NVDA, VoiceOver, and TalkBack.
2. Keyboard navigation optimization: The background process also adjusts the
website’s HTML and adds various behaviors using JavaScript code to make the
website operable by the keyboard. This includes the ability to navigate the
website using the Tab and Shift+Tab keys, operate dropdowns with the arrow
keys, close them with Esc, trigger buttons and links using the Enter key,
navigate between radio and checkbox elements using the arrow keys, and fill
them in with the Spacebar or Enter key.
Additionally, keyboard users will find content-skip menus available at any
time by clicking Alt+2, or as the first element of the site while navigating
with the keyboard. The background process also handles triggered popups by
moving the keyboard focus towards them as soon as they appear, not allowing
the focus to drift outside.
Users can also use shortcuts such as “M” (menus), “H” (headings), “F”
(forms), “B” (buttons), and “G” (graphics) to jump to specific elements.
Disability profiles supported on our website
* Epilepsy Safe Profile: this profile enables people with epilepsy to safely
use the website by eliminating the risk of seizures resulting from flashing
or blinking animations and risky color combinations.
* Vision Impaired Profile: this profile adjusts the website so that it is
accessible to the majority of visual impairments such as Degrading Eyesight,
Tunnel Vision, Cataract, Glaucoma, and others.
* Cognitive Disability Profile: this profile provides various assistive
features to help users with cognitive disabilities such as Autism, Dyslexia,
CVA, and others, to focus on the essential elements more easily.
* ADHD Friendly Profile: this profile significantly reduces distractions and
noise to help people with ADHD, and Neurodevelopmental disorders browse,
read, and focus on the essential elements more easily.
* Blind Users Profile (Screen-readers): this profile adjusts the website to be
compatible with screen-readers such as JAWS, NVDA, VoiceOver, and TalkBack. A
screen-reader is installed on the blind user’s computer, and this site is
compatible with it.
* Keyboard Navigation Profile (Motor-Impaired): this profile enables
motor-impaired persons to operate the website using the keyboard Tab,
Shift+Tab, and the Enter keys. Users can also use shortcuts such as “M”
(menus), “H” (headings), “F” (forms), “B” (buttons), and “G” (graphics) to
jump to specific elements.
Additional UI, design, and readability adjustments
1. Font adjustments – users can increase and decrease its size, change its
family (type), adjust the spacing, alignment, line height, and more.
2. Color adjustments – users can select various color contrast profiles such as
light, dark, inverted, and monochrome. Additionally, users can swap color
schemes of titles, texts, and backgrounds with over seven different coloring
options.
3. Animations – epileptic users can stop all running animations with the click
of a button. Animations controlled by the interface include videos, GIFs,
and CSS flashing transitions.
4. Content highlighting – users can choose to emphasize essential elements such
as links and titles. They can also choose to highlight focused or hovered
elements only.
5. Audio muting – users with hearing devices may experience headaches or other
issues due to automatic audio playing. This option lets users mute the
entire website instantly.
6. Cognitive disorders – we utilize a search engine linked to Wikipedia and
Wiktionary, allowing people with cognitive disorders to decipher meanings of
phrases, initials, slang, and others.
7. Additional functions – we allow users to change cursor color and size, use a
printing mode, enable a virtual keyboard, and many other functions.
Assistive technology and browser compatibility
We aim to support as many browsers and assistive technologies as possible, so
our users can choose the best fitting tools for them, with as few limitations as
possible. Therefore, we have worked very hard to be able to support all major
systems that comprise over 95% of the user market share, including Google
Chrome, Mozilla Firefox, Apple Safari, Opera and Microsoft Edge, JAWS, and NVDA
(screen readers), both for Windows and MAC users.
Notes, comments, and feedback
Despite our very best efforts to allow anybody to adjust the website to their
needs, there may still be pages or sections that are not fully accessible, are
in the process of becoming accessible, or are lacking an adequate technological
solution to make them accessible. Still, we are continually improving our
accessibility, adding, updating, improving its options and features, and
developing and adopting new technologies. All this is meant to reach the optimal
level of accessibility following technological advancements. If you wish to
contact the website’s owner, please use the website's form
Hide Accessibility Interface? Please note: If you choose to hide the
accessibility interface, you won't be able to see it anymore, unless you clear
your browsing history and data. Are you sure that you wish to hide the
interface?
Accept Cancel
Continue
Processing the data, please give it a few seconds...
Press Alt+1 for screen-reader mode
Sumo