Microsoft Security Team Identifies Critical Vulnerability in Outlook
In March of this year, the Microsoft security team revealed a critical vulnerability in Microsoft Outlook. The vulnerability, tracked as CVE-2023-23397, allows attackers to capture Net-NTLMv2 credentials and gain unauthorized access to user accounts. Attackers exploit it by sending a specially crafted email message that causes the Net-NTLMv2 hash to be transmitted when the message is opened.
The Microsoft blog notes that the Forest Blizzard group used the vulnerability in attacks on various organizations. This group is known for targeting critical infrastructure, government institutions, the energy sector, transport systems, and non-governmental organizations. Its operations primarily focus on the Middle East, the USA, and Europe.
Microsoft also reported a separate incident in September of this year in which Forest Blizzard exploited a zero-day vulnerability in WinRAR (CVE-2023-38831). The vulnerability was first discovered in August 2023. By then, several APT groups had already attacked 130 organizations, successfully compromising traders’ funds. Although a patch for the WinRAR vulnerability is available, attackers continue to target systems running unpatched versions of the program.
In response to the Outlook vulnerability, Microsoft promptly released a fix for CVE-2023-23397. The fix is available for all supported versions of Outlook.
Microsoft Exchange customers are strongly advised to install the latest security updates and update to the latest version as a precautionary measure. WinRAR users should also update the program to reduce the risk of falling victim to the Forest Blizzard group.
It is important to note that for the most reliable protection against any