microsoft outlook CVE-2023-23397 vulnerability in Microsoft Products
Published on March 14, 2023

product logo product logo
Microsoft Outlook Elevation of Privilege Vulnerability

Vendor Advisory NVD

Known Exploited Vulnerability

This Microsoft Office Outlook Privilege Escalation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.

The following remediation steps are recommended / required by April 4, 2023: Apply updates per vendor instructions.

Vulnerability Analysis

CVE-2023-23397 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). Capture-replay attacks are common and can be difficult to defeat without cryptography. They are a subset of network injection attacks that rely on observing previously-sent valid commands, then changing them slightly if necessary and resending the same commands to the server.


Products Associated with CVE-2023-23397

You can be notified by stack.watch whenever vulnerabilities like CVE-2023-23397 are published in these products:

 
 
 
 

What versions are vulnerable to CVE-2023-23397?