Background / What’s happened?
A critical elevation of privilege vulnerability (CVE-2023-23397) has been identified in all versions of Microsoft Outlook for Windows.
Microsoft Outlook for Windows is personal information manager software from Microsoft, available as part of the Microsoft Office and Microsoft 365 software suites. It runs on Windows.
This vulnerability is exploited when a threat actor delivers a specially crafted message to a user. Such a message can leak the user's New Technology LAN Manager (NTLM) hash to an untrusted network; an attacker can then relay that hash to another service and authenticate as the user.
Affected Australian organisations should apply the available patch immediately.
The ACSC is not aware of any successful exploitation attempts against Australian organisations.
Mitigation / How do I stay secure?
Australian organisations that use Microsoft Outlook for Windows should review their patch status and update to the latest version.
Additionally, the ACSC recommends that organisations block outbound SMB traffic (TCP ports 139 and 445).
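The following PowerShell shows one way to apply the outbound SMB block on a Windows host using the built-in Windows Defender Firewall cmdlets, and then to verify that the rule is in place. It is an added example and not part of the ACSC advisory; the rule name is an assumption chosen for this illustration.

```powershell
# Added example (not from the ACSC advisory): block outbound SMB (TCP 139 and 445)
# with Windows Defender Firewall, then verify the rule and enable drop logging.
# Run from an elevated PowerShell session. The rule name is an assumed value.
$ruleName = 'ACSC-Block-Outbound-SMB'

# Remove any earlier copy of the rule so the script can be re-run safely.
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Create the block rule for outbound TCP 139 and 445 on all firewall profiles.
New-NetFirewallRule -DisplayName $ruleName `
    -Direction Outbound `
    -Protocol TCP `
    -RemotePort 139,445 `
    -Action Block `
    -Profile Any `
    -Enabled True | Out-Null

# Verify: show the rule together with its protocol and remote port filter.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, RemotePort

# Log dropped packets so blocked outbound SMB attempts can be reviewed in
# %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log.
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True
```

A host-level rule with -Profile Any also blocks SMB to internal file servers and domain controllers (for example SYSVOL and NETLOGON shares), so in a domain environment the rule is normally scoped with -RemoteAddress to the address ranges that should be blocked, or the block is applied at the network perimeter instead, while the endpoint rule is reserved for roaming devices on untrusted networks.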
Assistance / Where can I go for help?
The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).