⚠ Actively exploited

Added to CISA KEV on 2023-03-14. Federal agencies required to patch by 2023-04-04. Required action: Apply updates per vendor instructions..

CVE-2023-23397

CWE-20 — Improper Input Validation CWE-29442 documents19 sources

Severity

9.8CRITICAL

EPSS

93.4%

top 0.19%

CISA KEV

KEV

Added 2023-03-14

Due 2023-04-04

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Microsoft 365 Apps FOR Enterprise Microsoft Microsoft Office 2019 Microsoft Microsoft Office Ltsc 2021 +5 more

Timeline

PublishedMar 14

KEV addedMar 14

KEV dueApr 4

Latest updateDec 7

CISA Required Action: Apply updates per vendor instructions.

Description

Microsoft Outlook Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5microsoft/microsoft_outlook_201616.0.0.0 — 16.0.5387.1000

▶CVEListV5microsoft/microsoft_outlook_2013_service_pack_115.0.0.0 — 15.0.5537.1000

▶NVDmicrosoft/outlook2013, 2016+1

▶CVEListV5microsoft/microsoft_office_201919.0.0 — https://aka.ms/OfficeSecurityReleases

▶CVEListV5microsoft/microsoft_office_ltsc_202116.0.1 — https://aka.ms/OfficeSecurityReleases

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-4778-q233-jmh5: Microsoft Outlook Elevation of Privilege Vulnerability↗2023-03-14

▶

CVEList

Microsoft Outlook Elevation of Privilege Vulnerability↗2023-03-14

▶

VulnCheck

Microsoft Office Outlook Privilege Escalation Vulnerability↗2023

▶

🔍Detection Rules

Suricata

ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M3 (CVE-2023-23397)↗2023-03-16

▶

Suricata

ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M4 (CVE-2023-23397)↗2023-03-16

▶

Suricata

ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M1 (CVE-2023-23397)↗2023-03-16

▶

Suricata

ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M5 (CVE-2023-23397)↗2023-03-16

▶

Suricata

ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M8 (CVE-2023-23397)↗2023-03-16

▶

📋Vendor Advisories

Microsoft

Microsoft Outlook Elevation of Privilege Vulnerability↗2023-03-14

▶

CISA

Microsoft Office Outlook Privilege Escalation Vulnerability↗2023-03-14

▶

🕵️Threat Intelligence

Unit42

Fighting Ursa Aka APT28: Illuminating a Covert Campaign↗2023-12-07

▶

Bleepingcomputer

Russian military hackers target NATO fast reaction corps↗2023-12-07

▶

Bleepingcomputer

Russian hackers exploiting Outlook bug to hijack Exchange accounts↗2023-12-04

▶

Securelist

IT threat evolution Q3 2023↗2023-12-01

▶

Securelist

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability↗2023-07-19

▶