CVE-2023-23397

critical

Description

Microsoft Outlook Elevation of Privilege Vulnerability

From the Tenable Blog

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)
Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)

Published: 2023-03-14

Microsoft addresses 76 CVEs including two zero-days exploited in the wild, one of which was publicly disclosed.

References

https://www.darkreading.com/application-security/microsoft-ntlm-zero-day-remain-unpatched-april

https://securelist.com/exploits-and-vulnerabilities-q3-2024/114839/

https://www.securityweek.com/citrix-cisco-fortinet-zero-days-among-2023s-most-exploited-vulnerabilities/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a

https://thehackernews.com/2024/05/microsoft-outlook-flaw-exploited-by.html

https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/

https://securityintelligence.com/x-force/itg05-leverages-malware-arsenal/

https://thehackernews.com/2024/02/cybersecurity-agencies-warn-ubiquiti.html?&web_view=true

https://arstechnica.com/security/2024/02/kremlin-backed-hackers-are-infecting-ubiquity-edgerouters-fbi-warns/

https://www.trendmicro.com/en_us/research/24/a/pawn-storm-uses-brute-force-and-stealth.html?&web_view=true

https://thehackernews.com/2023/12/beware-experts-reveal-new-details-on.html

https://thehackernews.com/2023/12/russian-apt28-hackers-targeting-13.html?&web_view=true

https://www.tenable.com/blog/microsoft-patch-tuesday-2023-year-in-review

https://securityaffairs.com/155420/apt/apt8-exploited-outlook-0day-target-nato.html

https://unit42.paloaltonetworks.com/russian-apt-fighting-ursa-exploits-cve-2023-233397/

https://meterpreter.org/proofpoint-uncovers-ta422-apt28s-dedicated-phishing-exploitation-loop/

https://therecord.media/unpatched-microsoft-outlook-email-attacks-fancy-bear

https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-apt-activity-report-q2-2023-q3-2023.pdf

https://www.bleepingcomputer.com/news/security/france-says-russian-state-hackers-breached-numerous-critical-networks/

https://www.tenable.com/blog/microsofts-october-2023-patch-tuesday-addresses-103-cves-cve-2023-36563-cve-2023-41763

https://www.tenable.com/blog/microsofts-september-2023-patch-tuesday-addresses-61-cves-cve-2023-36761

https://thehackernews.com/2023/03/from-ransomware-to-cyber-espionage-55.html

https://www.mandiant.com/resources/blog/zero-days-exploited-2022

https://www.tenable.com/blog/microsofts-march-2023-patch-tuesday-addresses-76-cves-cve-2023-23397

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397

Details

Source: Mitre, NVD

Published: 2023-03-14

Updated: 2024-08-14

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical