This week a serious vulnerability was discovered in Microsoft Outlook that affects versions 2019, 2016, and 2013. The vulnerability allows attackers to execute arbitrary code remotely by sending a specially crafted email to the target. The victim would not even need to open the email for the malware to execute on their device.
The vulnerability was discovered by security researchers and reported to Microsoft, which has released a patch to address the issue.
The vulnerability is thought to be under active exploitation by bad actors already, and proof-of-concept exploit code is being made available on the internet. CyberSolace urges all its clients and audience to review their MS Outlook software and take the action recommended by Microsoft to mitigate any risks.
You can read more details about this vulnerability on the Microsoft website.
To determine if your organization was targeted by actors attempting to use this vulnerability, Microsoft is providing documentation and a script at https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/.
Organizations should review the output of this script to determine risk. Tasks, email messages and calendar items that are detected and point to an unrecognized share should be reviewed to determine if they are malicious. If objects are detected, they should be removed or have the parameter cleared. If no objects are detected, it is unlikely the organization was targeted via CVE-2023-23397.
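One way to separate recognized from unrecognized shares during that review, as an added example (it is not Microsoft's script and not CyberSolace code). It assumes the share paths have already been copied out of the script's output; the allowlist entries and the sample paths are constructed placeholders to replace with your own.

```python
import ipaddress
import re

# Assumptions (adjust to your environment): what counts as a recognized share.
RECOGNIZED_HOSTS = {"fileserver01"}                      # exact server names
RECOGNIZED_SUFFIXES = (".corp.example.com",)             # internal DNS suffixes
RECOGNIZED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]

# \\server\..., //server/... and the long form \\?\UNC\server\...
_UNC = re.compile(r"^(?:\\\\\?\\UNC\\|\\\\|//)([^\\/]+)", re.IGNORECASE)

def share_host(value):
    """Server part of a UNC path, lowercased; None if the value is not a share."""
    m = _UNC.match(value.strip())
    if not m:
        return None
    # WebDAV-style forms append transport hints: server@SSL@443, server@80
    return m.group(1).lower().split("@", 1)[0].rstrip(".")

def classify(value):
    """Return 'not-a-share', 'recognized' or 'review' for one detected value."""
    host = share_host(value)
    if host is None:
        return "not-a-share"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        known = host in RECOGNIZED_HOSTS or host.endswith(RECOGNIZED_SUFFIXES)
        return "recognized" if known else "review"
    return "recognized" if any(ip in n for n in RECOGNIZED_NETWORKS) else "review"

def needs_review(values):
    """(value, host) pairs that point to a share outside the allowlist."""
    return [(v, share_host(v)) for v in values if classify(v) == "review"]

# Constructed sample values, standing in for paths listed in the script output.
SAMPLE = [
    "reminder.wav",
    r"\\fileserver01\sounds\reminder.wav",
    r"\\?\UNC\FS2.CORP.EXAMPLE.COM\media\chime.wav",
    r"\\10.20.3.4\media\chime.wav",
    r"\\203.0.113.7\a\b.wav",
    r"\\files.example.net@SSL@443\a\b.wav",
]

if __name__ == "__main__":
    for value, host in needs_review(SAMPLE):
        print(f"REVIEW  {host:<20} {value}")
```

Anything not on the allowlist is flagged for review, including IP-literal servers, so an empty allowlist flags every share path.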