Mar 2023: Microsoft Outlook Elevation of Privilege Vulnerability
CVE-2023-23397 Published on March 14, 2023
Microsoft Outlook Elevation of Privilege Vulnerability
Microsoft Outlook Elevation of Privilege Vulnerability
Known Exploited Vulnerability
This Microsoft Office Outlook Privilege Escalation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.
The following remediation steps are recommended / required by April 4, 2023: Apply updates per vendor instructions.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2023-23397
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft Office LTSC 2021:- Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 16.0.0.0 and below 16.0.5387.1000 is affected.
- Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 19.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 15.0.0.0 and below 15.0.5537.1000 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.