CVE-2023-23397 – Microsoft Outlook Privilege Escalation

On March 14, 2023, Microsoft released a patch for CVE-2023-23397. CVE-2023-23397 is a vulnerability in the Windows Microsoft Outlook client that can be exploited by sending a specially crafted email that triggers automatically when it is processed by the Outlook client. No user interaction is required to trigger the exploit.

Exploitation of the vulnerability will leak the targeted user’s Net-NTLMv2 hashes. This could then be used to conduct relay attacks to other systems that support NTLMv2, allowing the threat actor to authenticate as the targeted user.

Read more…
Source: Palo Alto Unit 42