CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

KEVITW

CISA Known Exploited Vulnerabilitydue 2023-04-04

Exploited in the wild

Microsoft Outlook Elevation of Privilege Vulnerability

36 ranges· showing 25

Vendor	Product	Version range	Fixed in
microsoft	microsoft_365_apps_for_enterprise	>= 16.0.1 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_office_2019	>= 19.0.0 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_office_ltsc_2021	>= 16.0.1 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_outlook_2013_service_pack_1	>= 15.0.0.0 < 15.0.5537.1000	15.0.5537.1000
microsoft	microsoft_outlook_2016	>= 16.0.0.0 < 16.0.5387.1000	16.0.5387.1000
microsoft	office	—	—
microsoft	office_long_term_servicing_channel	—	—
microsoft	outlook	—	—
microsoft	outlook	—	—
msrc	microsoft_365_apps_for_enterprise_for_32-bit_systems	—	—
msrc	microsoft_365_apps_for_enterprise_for_64-bit_systems	—	—
msrc	microsoft_exchange_server_2016_cumulative_update_23	—	—
msrc	microsoft_exchange_server_2019_cumulative_update_13	—	—
msrc	microsoft_exchange_server_2019_cumulative_update_14	—	—
msrc	microsoft_office_2019_for_32-bit_editions	—	—
msrc	microsoft_office_2019_for_64-bit_editions	—	—
msrc	microsoft_office_ltsc_2021_for_32-bit_editions	—	—
msrc	microsoft_office_ltsc_2021_for_64-bit_editions	—	—
msrc	microsoft_outlook_2013_rt_service_pack_1	—	—
msrc	microsoft_outlook_2013_service_pack_1	—	—
msrc	microsoft_outlook_2016	—	—
msrc	windows_10	—	—
msrc	windows_10_version_1607	—	—
msrc	windows_10_version_1809	—	—
msrc	windows_10_version_20h2	—	—

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

vulncheck9.8CRITICAL

cisa9.8CRITICAL