The vulnerability is triggered when the Outlook client retrieves and processes the message. An attacker can exploit this vulnerability simply by sending the victim a specially crafted email. However, the CVSS attack complexity is rated “Low”. The Computer Emergency Response Team of Ukraine first reported the vulnerability to Microsoft.ĬVE-2023-23397 does not affect non-Windows versions of Outlook such as apps for Android, iOS, Mac, as well as Outlook on the web and other Microsoft 365 services. Microsoft subsequently assessed that the activity was associated with Russian based actors and used in limited, targeted attacks against a small number of organizations. Along with the patch, Microsoft released a security advisory detailing the targeted, but limited attacks they saw leveraging this particular vulnerability. Microsoft released a patch for the privilege escalation vulnerability on Tuesday as part of its monthly security update. More information about File Reputation and Analysis Services is available here.Ĭisco Talos is urging all users to update Microsoft Outlook after the discovery of a critical vulnerability, CVE-2023-23397, in the email client that attackers are actively exploiting in the wild. to the File Reputation and analysis services. That does require customers to add Word.Wizard.8(.wiz). If the ESA Administrator would prefer to rely on Cisco Secure Endpoint + Secure Malware Analytics integration to avoid performance impacts that option is also available. Please note that filters can slow down your inbox, so please use caution when applying. There is a filter on our GitHub (created by Bartosz Kozak) that can be applied as a filter using these instructions. We are also working to provide some resources to ESA customers related to this vulnerability. First, we are providing a ClamAV signature that detects this threat - the rule can be found on our GitHub here and can be leveraged anywhere ClamAV signatures are supported. Update March 21, 2023: To aid defenders trying to detect and mitigate this vulnerability, we are providing a couple of additional resources.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |