First published: 29 Mar 2023
Last updated: 29 Mar 2023

Content written for

Individuals & families
Small & medium business
Large organisations & infrastructure
Government

Background / What has happened?

A critical elevation of privilege vulnerability (CVE-2023-23397) has been identified in all supported versions of Microsoft Outlook for Windows.

Microsoft Outlook for Windows is the desktop email and personal information manager client included in the Microsoft Office and Microsoft 365 suites. Only the Windows desktop client is affected: Outlook for Android, iOS and macOS, and Outlook on the web, do not process the vulnerable reminder property and are not affected.

A threat actor exploits the vulnerability by sending the target a specially crafted message (typically a calendar item or task) whose reminder is configured to load its notification sound from a UNC path on an attacker-controlled server. When Outlook processes the reminder it connects to that server over SMB and authenticates automatically, leaking the user's NT LAN Manager (NTLM) credential, specifically the Net-NTLMv2 challenge response, to an untrusted network. No user interaction is required: the target does not need to open or preview the message. The attacker can relay that authentication to another service that accepts NTLM and act as the user, or attempt to crack the response offline.

Affected Australian organisations should apply the available patch immediately.

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is not aware of any successful exploitation attempts against Australian organisations.
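To check a mailbox for items of the kind described above, the following PowerShell script (an added example, not ASD's ACSC or Microsoft code) walks the Inbox, Calendar and Tasks folders of the default Outlook profile through the Outlook COM object model and reports any item whose reminder-sound property points at a UNC path. It assumes Outlook for Windows is installed with a configured profile in the current user session; the function names are our own.

```powershell
# Added example, not ASD/ACSC or Microsoft code. Reports items in the default
# Outlook profile whose reminder-sound property points at a UNC path.
# Requires Outlook for Windows and a configured profile in this user session.

# MAPI named property PidLidReminderFileParameter in the PSETID_Common property
# set (LID 0x851F, type PT_UNICODE 0x001F), addressed by its DASL name.
$ReminderFileDasl = 'http://schemas.microsoft.com/mapi/id/{00062008-0000-0000-C000-000000000046}/851F001F'

function Get-ReminderFileParameter {
    param([Parameter(Mandatory)] $Item)
    # PropertyAccessor.GetProperty throws when the named property is not set
    # on the item; treat that as "no custom reminder sound".
    try   { return [string] $Item.PropertyAccessor.GetProperty($ReminderFileDasl) }
    catch { return $null }
}

function Test-UncReminderPath {
    param([string] $Value)
    # A benign custom reminder sound is a local file. A value of the form
    # \\host\... makes Outlook authenticate to "host" when the reminder fires.
    return (-not [string]::IsNullOrWhiteSpace($Value)) -and ($Value -match '^\\\\[^\\]+')
}

$outlook   = New-Object -ComObject Outlook.Application
$namespace = $outlook.GetNamespace('MAPI')

# OlDefaultFolders values: olFolderInbox = 6, olFolderCalendar = 9, olFolderTasks = 13
$findings = foreach ($folderId in 6, 9, 13) {
    $folder = $namespace.GetDefaultFolder($folderId)
    foreach ($item in $folder.Items) {
        $value = Get-ReminderFileParameter -Item $item
        if (Test-UncReminderPath -Value $value) {
            [pscustomobject]@{
                Folder       = $folder.Name
                Subject      = $item.Subject
                Created      = $item.CreationTime
                ReminderPath = $value
                EntryID      = $item.EntryID
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else           { 'No items with a UNC reminder path were found.' }
```

The script only inspects the primary mailbox of the default profile, not shared mailboxes, archives or other users, so it is a spot check for a single workstation rather than a replacement for a server-side scan of all mailboxes. Any item it reports should be preserved (note the EntryID) and reviewed before deletion, since the UNC host is the indicator that identifies the attacker's infrastructure.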

Mitigation / How do I stay secure?

Australian organisations that use Microsoft Outlook for Windows should review their patch status and apply the security update Microsoft released on 14 March 2023, or update to the latest available version.

Additionally, the ASD's ACSC recommends that organisations block outbound SMB traffic (TCP ports 139 and 445) to the internet. Apply the block on host firewalls and VPN profiles as well as at the network perimeter, otherwise devices working remotely remain exposed; SMB to internal file servers can continue to be allowed. This mitigation only cuts the leak path. It does not stop a crafted reminder from being processed, so it is an interim measure until the update is installed.
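The host-level form of that block, as an added example that is not ASD's ACSC code: a Windows Defender Firewall rule, created with the built-in NetSecurity cmdlets from an elevated PowerShell session, that blocks outbound TCP 139 and 445 to every IPv4 address outside the RFC 1918 private ranges. It assumes the organisation's file servers and domain controllers sit in private address space; the rule name is our own choice.

```powershell
# Added example, not ASD/ACSC code. Blocks outbound SMB (TCP 445) and NetBIOS
# session (TCP 139) traffic from this host to all IPv4 addresses outside the
# RFC 1918 private ranges, so SMB to internal servers keeps working.
# Assumes internal file servers live in 10/8, 172.16/12 or 192.168/16.
# Run from an elevated PowerShell session.

$ruleName = 'Block outbound SMB to Internet (CVE-2023-23397 mitigation)'

# The Windows firewall has no "everything except" scope, so list the
# complement of the RFC 1918 ranges explicitly.
$nonPrivateIPv4 = @(
    '0.0.0.0-9.255.255.255',
    '11.0.0.0-172.15.255.255',
    '172.32.0.0-192.167.255.255',
    '192.169.0.0-255.255.255.255'
)

if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Outbound -Protocol TCP -RemotePort 139, 445 `
        -RemoteAddress $nonPrivateIPv4 -Action Block -Profile Any -Enabled True | Out-Null
}

# Show the rule's port and address scope so the change can be verified.
$rule = Get-NetFirewallRule -DisplayName $ruleName
$rule | Get-NetFirewallPortFilter    | Select-Object Protocol, RemotePort
$rule | Get-NetFirewallAddressFilter | Select-Object RemoteAddress
```

Because the block is applied to the remote address rather than to a process, it also covers the SMB client connection that the kernel makes on Outlook's behalf. The rule does not cover IPv6; on dual-stack hosts, add a matching rule for IPv6 addresses outside the organisation's own prefixes, or deploy the same block through Group Policy so it follows the device onto untrusted networks.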

Assistance / Where can I go for help?

The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).
