Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Warns of Outlook Zero-Day Exploitation, Patches 80 Security Vulns

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Exchange vulnerabilities disclosed by ZDI

Microsoft on Tuesday delivered a hefty batch of software security updates and issued warnings for a pair of already-exploited zero-days haunting Windows OS users.

The Redmond, Wash. software giant pushed out fixes for at least 80 Windows flaws and called special attention to CVE-2023-23397, a critical-severity issue in Microsoft Outlook that has been exploited in zero-day attacks.

As has become customary, Microsoft’s security response center did not provide details or indicators of compromise (IOCs) to help defenders hunt for signs of compromise. 

UPDATE (3/15): Microsoft has blamed this exploitation on a Russian threat actor and released a detection script to help defenders hunt for signs of infection.

The company credited the Ukrainian CERT organization and its own MSTI threat intelligence team for the discovery, suggesting it was being exploited in advanced APT attacks in Europe.

“An attacker who successfully exploited this vulnerability could access a user’s Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user,” Microsoft said in a barebones bulletin documenting the bug.

The company said an attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the email server. 

“This could lead to exploitation BEFORE the email is viewed in the Preview Pane,” Redmond added, noting that external attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers’ control. 

Advertisement. Scroll to continue reading.

“This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim,” the company warned.

Microsoft also flagged a second vulnerability — CVE-2023-24880  — for urgent attention and warned attackers are continuing to actively bypass its SmartScreen security feature.

The company has struggled to contain attackers bypassing the SmartScreen technology that has been fitted into Microsoft Edge and the Windows operating system to help protect users from phishing and social engineering malware downloads.

The notorious Magniber ransomware operation has been observed exploiting the SmartScreen bypass technique, prompting multiple attempts by Microsoft to mitigate the issue. 

Separately, software maker Adobe also issued an urgent warning about “very limited attacks” exploiting a zero-day vulnerability in its Adobe ColdFusion web app development platform.

Adobe’s warning was embedded in a critical-severity level advisory that contains patches for ColdFusion versions 2021 and 2018.  “Adobe is aware that CVE-2023-26360 has been exploited in-the-wild in very limited attacks targeting Adobe ColdFusion,” the company said.  No other details on the in-the-wild compromises were provided. 

Related: Microsoft Patches MotW Zero-Day Exploited for Malware Delivery

Related: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks

Related: Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day

Related: Microsoft OneNote Abuse for Malware Delivery Surges

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.