Microsoft on Friday warned of a previously unknown Outlook vulnerability, tracked as CVE-2023-23397 (CVSS score: 9.8), that Russian hackers had exploited to access user emails.
This critical flaw is a privilege escalation vulnerability that could be exploited to steal NT LAN Manager (NTLM) hashes and stage relay attacks without user interaction.
In an advisory released this month, Microsoft noted: “Specially crafted emails could be sent by external attackers which would connect the victim to an untrusted location under their control.”
“In a nutshell, this leaks the Net-NTLMv2 hash of the victim to an untrusted network where an attacker can relay that hash to another service and then be authenticated as if they have the victim’s identity.”
Microsoft addressed the Outlook vulnerability as part of its March 2023 Patch Tuesday updates, but only after Russia-based hackers leveraged it in attacks against various European targets.
The attackers targeted a wide range of industries and organizations with malicious emails in an attempt to gain access to user emails.
On Friday, Microsoft’s incident response team disclosed findings of possible exploitation of the Outlook vulnerability dating back to April 2022.
The team’s investigation found that the Russia-based hackers had been actively targeting various industries and organizations with malicious emails, attempting to access user emails by exploiting the critical privilege escalation flaw.
Microsoft has urged all users to update their Outlook clients as soon as possible and cautioned them not to open suspicious emails or attachments until the Outlook vulnerability is patched.
It is unclear how many users have been affected by this latest attack. Microsoft has urged all customers who believe they may be vulnerable or have noticed suspicious activities related to their accounts to contact technical support immediately.