Cybersecurity Alerts

Actively Exploited Vulnerabilities

← Back to Cybersecurity Alerts

CVE-2023-23397

Microsoft | OfficeAdded 2023-03-14Remediation Deadline 2023-04-04

Microsoft Office Outlook Privilege Escalation Vulnerability

Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-294

References

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/,