Hackers are constantly looking for new ways to infiltrate secure networks.

This is a difficult challenge because all responsible businesses invest in security.

A vulnerability was recently discovered in Outlook that allows hackers to steal passwords by simply emailing the account holder.

A patch has been released, but many businesses haven’t yet updated their version of Outlook.

So what is this vulnerability, and how can businesses defend against it?

What Is the CVE-2023-23397 Vulnerability?

The CVE-2023-23397 vulnerability is a privilege escalation vulnerability that affects Microsoft Outlook running on Windows.

A patch was released in March 2023.

Who Is Targeted by the Microsoft Outlook Vulnerability?

The CVE-2023-23397 vulnerability is only effective against Outlook running on Windows.

Android, Apple, and web users are not affected and do not need to update their software.

Private individuals are unlikely to be targeted because doing so isn’t as profitable as targeting a business.

If a private individual uses Outlook for Windows, however, they should still update their software.

Businesses are likely to be the primary target because many use Outlook for Windows to protect their important data.

How Does the Vulnerability Work?

This attack uses an email with specific properties that causes Microsoft Outlook to reveal the victim’s NTLM hash.

When Outlook receives this email, it attempts to authenticate itself to an SMB share using its NTLM hash.

The hacker in control of the SMB share is then able to obtain the hash.

Why Is the Outlook Vulnerability So Effective?

The CVE-2023-23397 vulnerability allows an attacker to gain access to the victim’s account.

The outcome therefore depends on what the victim has access to.

The attacker may steal data or launch a ransomware attack.

If the victim has access to private data, the attacker can steal it.

In the case of customer information, it can be sold on the dark web.

This is not only problematic for customers but also for the business’s reputation.

The attacker may also be able to encrypt private or important information using ransomware.

This script searches your files and looks for parameters that are used in this attack.

After finding them, you’re free to delete them from your system.

The script can be accessed via Microsoft.
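As an added illustration (not Microsoft's script and not code from this article), the triage below shows the kind of check such an audit performs: it flags exported items whose reminder sound value (the `PidLidReminderFileParameter` property) is a UNC path, and rates paths to hosts outside the organisation as high priority. The field name `reminder_file`, the internal DNS suffix and the sample items are assumptions constructed for the example.

```python
import ipaddress
import re

# A UNC path starts with two backslashes followed by a host name or address.
UNC_RE = re.compile(r'^\\\\(?P<host>[^\\/@]+)')

# Assumptions: adjust both to your own environment.
INTERNAL_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

def unc_host(value):
    """Return the lower-cased host of a UNC path, or None if value is not one."""
    m = UNC_RE.match(value.strip()) if value else None
    return m.group("host").lower() if m else None

def is_external(host):
    """True for addresses outside INTERNAL_NETS or names outside INTERNAL_SUFFIXES."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Single-label names (no dot) can only resolve inside the organisation.
        return "." in host and not host.endswith(INTERNAL_SUFFIXES)
    return not any(ip in net for net in INTERNAL_NETS)

def triage(items):
    """Return (item id, host, severity) for every item carrying a UNC path."""
    findings = []
    for item in items:
        host = unc_host(item.get("reminder_file"))
        if host is None:
            continue  # local file path or empty property: nothing to report
        findings.append((item["id"], host,
                         "high" if is_external(host) else "review"))
    return findings

# Constructed sample export; ids, hosts and paths are made up.
SAMPLE_ITEMS = [
    {"id": "msg-1", "reminder_file": r"\\203.0.113.7\share\alert.wav"},
    {"id": "msg-2", "reminder_file": r"\\fs01.corp.example\sounds\chime.wav"},
    {"id": "msg-3", "reminder_file": r"C:\Windows\Media\notify.wav"},
    {"id": "msg-4", "reminder_file": None},
    {"id": "msg-5", "reminder_file": r"\\files.example.net\media\ring.wav"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_ITEMS):
        print(finding)
```

Items rated `review` point at internal hosts and are usually legitimate custom sounds, but they are still worth confirming with the mailbox owner.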

Any business that fails to do so is an attractive target for hackers.