The safer Kerberos authentication is typically used by machines within the same domain. The ‘leaking’ of Net-NTLM hash through this mechanism is not new, nor is it considered an actual vulnerability by itself, as it is a feature which allows Windows machines to communicate with one another. The attacker steals the Net-NTLM hash by tricking the victim into accessing an UNC path \\Attacker_IP_Address. As companies may already be compromised, it is not sufficient to simply block access to port 445 on the internet.ĬVE-2023-23397 allows the attacker to steal the Net-NTLM hash from the victim, which enables an attacker to assume a victim identity and to move deeper into the organisation. This exploit has caught the attention of a hacking group linked to Russia’s GRU military intelligence agency that is using it to target some European organizations in government, transportation, energy, and military sectors.Ĭompanies have to quickly patch their Outlook software and implement measures to detect if they have been compromised. It affects everything from Microsoft 365 apps for enterprise to Outlook 2013 SP1. The CVE-2023-23397 vulnerability in Microsoft Outlook has generated significant concern due to its high severity score of CVSS 9.8. Microsoft recently released a patch for Outlook vulnerability CVE-2023-23397, which has been actively exploited for almost an entire year. InsiderSecurity analysed the possible exploitation techniques for the recent Outlook vulnerability, as well as methods for early detection of such exploits, both for this specific vulnerability and future similar vulnerabilities. InsiderSecurity carries out research and analysis on the latest cyber threats to help organizations stay ahead.
0 Comments
Leave a Reply. |