CVE-2023-23397 vulnerability in Microsoft Products
Published on March 14, 2023
Known Exploited Vulnerability
This Microsoft Office Outlook Privilege Escalation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.
The following remediation steps are recommended / required by April 4, 2023: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2023-23397 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). Capture-replay attacks are common and can be difficult to defeat without cryptography. They are a subset of network injection attacks that rely on observing previously-sent valid commands, then changing them slightly if necessary and resending the same commands to the server.
Products Associated with CVE-2023-23397
You can be notified by stack.watch whenever vulnerabilities like CVE-2023-23397 are published in these products:
What versions are vulnerable to CVE-2023-23397?
- Microsoft Outlook Version 2016
- Microsoft Outlook Version 2013 sp1
- Microsoft Office Version 2019
- Microsoft Outlook Version 2013 sp1
- Microsoft 365 Apps Version -
- Microsoft Office Long Term Servicing Channel Version 2021