Microsoft has issued a recent advisory regarding a critical security vulnerability, CVE-2023-23397, affecting Windows systems (servers and endpoints) that use Microsoft Outlook.
This CRITICAL vulnerability allows cyber criminals to steal the credentials of Microsoft Outlook users with minimal complexity or effort. It can be exploited by sending an email to a target user, and it does not require that user to open the email. It poses a dire threat to vulnerable organizations, as cyber criminals can repeatedly execute this attack and commandeer user accounts while the user is completely unaware.
Impact to Services
All customers with supported versions of the Microsoft Outlook application for Windows are affected. Outlook for Mac, iOS or Android, and Outlook on the web are not affected.
To protect your organization, Microsoft and BOXX Hackbusters recommend that all organizations install the latest security patch for Microsoft Outlook immediately. To do this yourself, follow these steps:
- Open Outlook
- Click on the File menu
- Click on Office Account (some older versions may just say Account)
- Click on Update Options
- Select Update Now
If your organization usually manages updates, please verify with your IT Service Desk and ensure that they update all impacted systems.