And by doing it, the attacker can know the required Net-NTLMv2 victim’s hash to authenticate as the victim against another service. Using NTLM Relay attack techniques, an external attacker could prepare a crafted email that once retrieved and processed by victim’s Outlook client, generates a connection from the victim to an external location of the attackers’ control. This will block all WebDAV connections, including intranet, which might impact some users or applications.ĬVE-2023-23397 is an actively exploited zero-day vulnerability affecting Microsoft Outlook that was reported in Microsoft March 2023 Patch Tuesday. Disable the WebClient service running on your organisation’s machines.Microsoft updated their recommendations to reduce the risk of WebDAV based attacks, adding the following: Written by Lina Jiménez Becerra, Anton Jörgensson and Mark Stueck of the Kudelski Security Threat Detection & Research TeamĬVE-2023-23397: Ability to exploit an Elevation of Privileges by Microsoft Outlook processing a specially crafted incoming email
0 Comments
Leave a Reply. |