logo
Home/CVEs/CVE-2023-23397/

CVE-2023-23397 - Microsoft Office Outlook Privilege Escalation Vulnerability

Project:Microsoft

Product:Office

Date Added:2023-03-14Due Date:2023-04-04

Vulnerability Name

Microsoft Office Outlook Privilege Escalation Vulnerability

Description

Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/,

https://nvd.nist.gov/vuln/detail/CVE-2023-23397

Related News Articles

Russian hackers breach orgs to track aid routes to UkraineMay 22, 2025

Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid LogisticsMay 22, 2025

ThreatLocker Patch Management: A Security-First Approach to Closing Vulnerability WindowsMay 21, 2025

BadPilot network hacking campaign fuels Russian SandWorm attacksFebruary 13, 2025

Microsoft: Russia's Sandworm APT Exploits Edge Bugs GloballyFebruary 13, 2025