Imechapishwa: Mar 20, 2023 06:30
Advisory No:
Source:
Software Affected:
Advisory No: TZCERT/SA/2023/03/17
Date of First Release: 17th March 2023
Source: Microsoft
Software Affected: Microsoft Outlook for Windows
Overview:
Microsoft has released security patches to address the elevation of privilege vulnerability affecting Outlook for Windows. Microsoft Outlook is a personal information manager software from Microsoft for email clients that has several features such as calendaring, task manager, contact managing, note-taking, journal logging, etc. This vulnerability could allow an attacker to take control of an affected system.
Description:
This vulnerability is tracked as CVE-2023-23397 (CVSS score: 9.1). It is caused by the receipt of a crafted Outlook MSG file where the ”PidLidReminderFileParameter” is set to a Threat-Controlled SMB Resource (IP Address) will trigger the NTLM Authentication to the Threat-Controlled Server whether or not the email has been viewed. This allows NTLM credential theft that requires no user interaction.
The connection to the Threat-Controlled Server sends the user’s NTLM negotiation message, which the attacker can then relay for authentication against other systems that support NTLM authentication.
Impact:
Successful exploitation of this vulnerability may allow the attacker to control of the affected system.
Solution:
References:
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.