CVE-2023-23397
Microsoft Office Outlook Privilege Escalation Vulnerability
CVSS
—
Sin CVSS
EPSS
97.4%
p100
KEV
SÍ
14 mar 2023
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Microsoft / Office
Vulnerabilidad
Microsoft Office Outlook Privilege Escalation Vulnerability
Añadido a KEV
14 mar 2023
Remediar antes de
4 abr 2023
Uso conocido en ransomware
No
Descripción resumida
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.
Acción requerida
Apply updates per vendor instructions.
Notas
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/, ; https://nvd.nist.gov/vuln/detail/CVE-2023-23397