[#PatchNow] Microsoft has released a patch for a critical elevation of privilege #zeroday #vulnerability that has purportedly been used by threat actors linked to Russian Military Intelligence to compromise multiple European organizations over the past year.
According to Microsoft, "The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane."
(External attackers could send specially crafted emails that cause a connection from the victim to an external UNC location under the attacker's control. This leaks the victim's Net-NTLMv2 hash to the attacker, who can then relay it to another service and authenticate as the victim.)
All supported versions of Microsoft #Outlook for Windows are vulnerable. Other versions of Microsoft Outlook, such as those for Android, iOS and Mac, as well as Outlook on the web and other M365 services, are not affected.
There is a script to help determine if your organization was targeted by actors attempting to use this vulnerability.
Bottom line: Test and patch this ASAP if your org uses Outlook.
Links to more info: https://exchange.xforce.ibmcloud.com/vulnerabilities/249053
https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2023-23397
#PatchNOW #zeroday #vulnerability #outlook #ntlmrelay #passthehash
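
A triage sketch for the leak path described above (a message that makes the client connect to an external UNC location), added here as an example; it is not part of the original post and is not Microsoft's script. It assumes path-valued properties have already been exported from mailbox items as (id, path) pairs; the internal suffix, internal networks and sample records are constructed.

```python
import ipaddress
import re

# Assumptions (constructed): what this organisation treats as internal.
INTERNAL_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

# Accepts \\host\share, //host/share, \\host@80\share, \\host@SSL@443\share
# and \\?\UNC\host\share. Device paths (\\.\ and \\?\C:\) do not match.
_UNC = re.compile(r"^(?:\\\\\?\\UNC\\|\\\\|//)([A-Za-z0-9][^\\/@]*)(?:@[^\\/]*)?(?:[\\/]|$)",
                  re.IGNORECASE)

def unc_host(path):
    """Return the lower-cased host of a UNC-style path, or None for local paths."""
    m = _UNC.match(path.strip())
    return m.group(1).lower() if m else None

def is_external(host):
    """True when the host falls outside the internal networks and suffixes."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Assumption: single-label names resolve on the intranet only.
        return "." in host and not host.endswith(INTERNAL_SUFFIXES)
    return not any(ip in net for net in INTERNAL_NETS)

def triage(records):
    """Return (item_id, host) for items whose path targets an external UNC host."""
    hits = []
    for item_id, path in records:
        host = unc_host(path)
        if host and is_external(host):
            hits.append((item_id, host))
    return hits

# Constructed sample records, not real indicators.
SAMPLE = [
    ("msg-1", r"\\203.0.113.7\share\a.wav"),
    ("msg-2", r"C:\Windows\Media\notify.wav"),
    ("msg-3", r"\\fs01.corp.example\sounds\x.wav"),
    ("msg-4", r"\\cdn.untrusted.example@SSL@443\x"),
    ("msg-5", r"\\?\UNC\10.1.2.3\share"),
    ("msg-6", r"\\FILESRV\share"),
]

if __name__ == "__main__":
    for item_id, host in triage(SAMPLE):
        print(f"review {item_id}: external UNC host {host}")
```

Any hit is a lead for review of the item and of outbound connections from that user's host, not proof of compromise.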