ALERT – Critical Microsoft Outlook bug Actively Exploited

Threat alert details

We would like to bring your attention to a critical vulnerability within Microsoft Outlook which allows for elevation of privileges with a CVSS3 score of 9.8. This vulnerability allows specially crafted emails to force a target’s device to connect to a remote URL and transmit the Windows user account’s Net-NTLMv2 hash. This exploit can grant unauthenticated attackers access to the target user’s Net-NTLMv2 hash, which can then be used to launch further attacks against another service in order to authenticate as the compromised user.

Further details will be provided as More information becomes available.

Affected Versions

This vulnerability has been reported to impact all supported versions of Microsoft Outlook for Windows however does not appear to affect Outlook for Android, iOS, or macOS versions of Outlook

Indicators of compromise

Microsoft have released a Powershell script to aid in investigations for potential compromise from this vulnerability. The script is available from the following URL and can be used in an audit only capacity or in a cleanup mode:
https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/

Remediation

In this weeks Patch Tuesday Microsoft has released a critical security update for Microsoft Outlook. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397

References

• https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2023-exchange-server-security-updates/ba-p/3764224#:~:text=under%20Product%20Family).-,Awareness%3A%20Outlook%20client%20update%20for%20CVE%2D2023%2D23397%20released,-There%20is%20a
• https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397

More like this

AI apps are smart. Until they do something really dumb.

AI apps seem brilliant—until they expose secrets or spill user data without a clue. Behind the curtain? Chaos. Hackers, take aim.

CovertSwarm Ranks #23 on Clutch 100 Fastest-Growing Companies in 2025

Clutch has recognized us for achieving one of the highest revenue growth rates from 2023 to 2024.

CovertSwarm Achieves Prestigious CBEST Accreditation

CovertSwarm becomes one of the few cybersecurity firms accredited under the Bank of England’s rigorous CBEST framework.