Bi.Zone, a Russian company specializing in information security, has identified a critical vulnerability in the Microsoft Outlook email client that could allow attackers to steal logins and passwords from victims’ emails. In this respect informs TASS.
The problem is in the scheduling system built into the Outlook calendar. To use it, attackers simply need to send the victim a letter with a modified sign about a planned event. Moreover, the victim does not even need to open the letter – it will be enough to receive a notification.
“The attacker immediately exploits the vulnerability and launches an attack. “Bi.Zone takes the victim’s identity information and can use them,” he said.
It is stated that the code CVE-2023-23397 was assigned to the vulnerability found. The hazard rating was rated 9.8 out of 10 by an international group of experts. The vulnerability was discovered in March 2023.
Formerly socialbites.ca Wrote Trend Micro experts discovered the OpcJacker information thief disguised as a VPN.