Microsoft Outlook Elevation of Privilege Vulnerability - CVE-2023-23397

Overview

Critical Outlook elevation of privilege security flaw exploitable without user interaction in low-complexity attacks.

The attacker could exploit this vulnerability by sending a specially crafted email that is triggered automatically when the Outlook client retrieves and processes it. Exploitation can therefore occur BEFORE the email is viewed in the Preview Pane.

What is vulnerable?

  • CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability

Recommendation

Microsoft recommends patching CVE-2023-23397 immediately to mitigate this vulnerability and thwart incoming attacks. DGov advises that agencies move towards using Windows Autopatch for Microsoft endpoint device fleets where possible.

If patching is not immediately possible, the company also advises adding users to the Protected Users group in Active Directory and blocking outbound SMB (TCP port 445), which might limit the impact of CVE-2023-23397.
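The two interim mitigations above can be applied and verified from PowerShell. The script below is an added example, not code from Microsoft or DGov. It assumes the NetSecurity module (built into Windows 8.1/Server 2012 R2 and later) and the RSAT ActiveDirectory module are available, that it runs as a local administrator for the firewall change and with rights to modify group membership for the Active Directory change, and that the rule name and the user list are placeholders to be replaced.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the advisory): apply the interim mitigations for
# CVE-2023-23397 on a Windows host. Rule name and user list are placeholders.

$RuleName = 'Block outbound SMB to Internet (CVE-2023-23397 interim)'

# 1. Block outbound SMB (TCP 445) to non-local addresses.
#    The "Internet" address keyword scopes the block to addresses outside the
#    local subnets, so on-premises file shares keep working. Use
#    -RemoteAddress Any only on hosts with no legitimate SMB use at all.
$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Outbound -Protocol TCP -RemotePort 445 `
        -RemoteAddress Internet -Action Block -Profile Any -Enabled True | Out-Null
    Write-Host "Created firewall rule: $RuleName"
} else {
    Write-Host "Firewall rule already present: $RuleName"
}

# Verify the rule carries the port filter expected (Protocol TCP, RemotePort 445).
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, RemotePort |
    Format-Table -AutoSize

# 2. Add at-risk accounts to the Protected Users group. Membership disables
#    NTLM authentication for those accounts, which is what blunts the impact
#    of a leaked Net-NTLMv2 hash.
Import-Module ActiveDirectory
$Users = @('alice', 'bob')   # placeholder sAMAccountNames; replace with real accounts
$members = (Get-ADGroupMember -Identity 'Protected Users' -Recursive).SamAccountName
foreach ($u in $Users) {
    if ($members -notcontains $u) {
        Add-ADGroupMember -Identity 'Protected Users' -Members $u
        Write-Host "Added $u to Protected Users"
    } else {
        Write-Host "$u is already in Protected Users"
    }
}
```

Two operational points worth checking before rolling this out fleet-wide: Protected Users only takes effect for domain-level protections when the domain functional level is Windows Server 2012 R2 or higher, and because its members cannot use NTLM, any service or application that still relies on NTLM authentication will stop working for them. Likewise, the firewall rule is a host-level stand-in for an egress block at the network perimeter; if the perimeter already denies outbound TCP 445 to the internet, the host rule is redundant but harmless.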

Additional References

National Vulnerability Database - https://nvd.nist.gov/vuln/detail/CVE-2023-23397

Microsoft Outlook Elevation of Privilege Vulnerability - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397