Microsoft has confirmed the existence of a critical vulnerability, CVE-2023-23397, in the Outlook email client that is assigned a maximum severity rating of 9.8 out of 10. This was reported by Forbes.
Microsoft has confirmed that the vulnerability is being actively exploited by cyber crooks. Its danger lies in the fact that, in order to execute the malicious code, the criminal only needs to send an email to the victim. The victim does not even need to read the email: the attack is launched automatically when the client is open.
The malicious email contains a calendar event that activates the exploit and sends Windows New Technology LAN Manager (NTLM) hashes to an arbitrary server. This gives the hacker access to corporate networks. Microsoft claims that between April and December 2022, the CVE-2023-23397 vulnerability was used in attacks against at least 15 organizations.
A patch that protects against the vulnerability has already been released. Microsoft urged users to update their Outlook clients immediately so as not to fall victim to cybercriminals.
Earlier, socialbites.ca reported that chatbot users are at risk of falling into the trap of scammers.