03.15.2023

Microsoft Outlook Critical Privilege Escalation Vulnerability

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 03/15/2023

Action Level - Critical

Description

Microsoft has released updates addressing a critical privilege escalation vulnerability affecting Outlook for Windows. An attacker could craft an email to trigger this exploit without a user needing to open the email. Once exploited the attacker could access the user’s NTLM hash and ultimately authenticate to the target domain as the attacked user. Microsoft is aware of attackers currently exploiting this vulnerability in the wild.

Due to the critical nature of this vulnerability as well as the fact that it is being exploited, we recommend prioritizing updates on any affected systems as soon as possible. 

Affected Versions

  • Microsoft Outlook: LTSC 2021, 2019, 2016, 2013 SP1, 2013 RT SP1
  • Microsoft 365 Apps for Enterprise

Attack Vector

An attacker could trigger this vulnerability by sending a specially crafted email. The user would not need to open or preview this email in order to trigger the vulnerability.

Attack Feasibility 

This vulnerability is currently being exploited in the wild.

Mitigation

Microsoft suggests adding users to the Protected Users Security Group (which may impact some applications where NTLM is required) and blocking TCP 445 on your firewall and/or VPN configuration as partial mitigation.

Remediation

Update to a fixed version of Microsoft Outlook.

Vendor Resources

Microsoft Mitigates Outlook Elevation of Privilege Vulnerability (includes impact assessment script to look for exploit attempts in a MS Exchange on-prem or online environment)

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC