Meet The Most Worrying Bug Of 2023 So Far – Microsoft Outlook Vulnerability CVE-2023-23397

When one of Intersys’ seasoned security experts refers to the Microsoft Outlook Vulnerability CVE-2023-23397 as ‘quite a nasty one’, we tend to take note.

You should too.

As Microsoft Modern Workplace Partners and Microsoft 365 Support specialists, we’re constantly monitoring the Microsoft metaverse for security concerns. 

Here are the headline facts: this Microsoft Outlook/365 vulnerability can infect your machine and devastate your organisation.

It enters your IT ecosystem via email. But here’s the thing – it can start wreaking havoc even without you clicking on the email.

Yes, we know. If you didn’t have enough on your plate…

For all the tl;dr (too long; didn’t read) crowd, here’s what to do: ensure you patch Office and install quality updates. More on how to do that here.

For the rest, here’s further context and some best practice to follow.

What is Microsoft Outlook Vulnerability CVE-2023-23397?

CVE-2023-23397 is a critical ‘elevation of privilege’ vulnerability in the Microsoft Outlook/365 application suite. It lets a remote, unauthorised criminal get into systems by sending a special email that helps them steal a recipient’s personal login information.

So far, so according to the criminal playbook. The really alarming part is this: the email activates automatically when it reaches Outlook.

Yes, you heard that right. No action on a user’s part is required. Once it’s in, it’s away…

How Bad is It?

The US government’s own National Vulnerability Database has awarded it 9.8 out of a maximum 10 on its threat scale.

Translation. ‘Quite a nasty one.’

Cyber security journals online are referring to it as the ‘most far-reaching bug of the year’, which sounds, deceptively, like some kind of awards win. But there’s nothing sparkly or positive about this at all.

It has a formidable ‘attack surface’, the terminology used by cyber security experts to describe the sum of vulnerabilities, pathways or methods a hacker can use.

Specifically, it could attack the users of your desktop Outlook, core IT systems connected to Microsoft 365 and even recipients of emails sent through Outlook.

That’s a big attack surface.

Who Has It Hit So Far?

According to the Microsoft Security Resource Center (MSRC), it has been used already by a ‘Russia-based threat actor’ in targeted attacks against 15 European government, transport, energy, and military sectors. (Although many in the industry suggest this may be the tip of the iceberg.)

It’s considered relatively easy for criminals to replicate, which means more attacks are likely to follow.

How Could I be Affected?

The bug may affect you if you run an Exchange server and the Outlook for Windows desktop client. However, Outlook for Android, iOS, Mac and Outlook for Web (OWA) are not affected.

Microsoft’s communication did not mention how criminals are using CVE-2023-23397 during their attacks. However, potential methodologies include stealing data, installing malware and using stolen identities to launch phishing campaigns. All of these could have a devastating effect on a business’s continuity or even viability.

What Do I Need to Do?

Jake Ives, our Senior Security Consultant, has the following advice to help contain the bug:

‘Make sure your IT admin or security team do the following:

  • Patch Microsoft Outlook and install quality updates, ensuring that everyone is using an up-to-date, supported version of Microsoft Office
  • Use a firewall to block outbound traffic to port 445*
  • Check the patching schedule to ensure quality updates distribute in good time
  • Run Microsoft’s PowerShell script to determine if any users have been sent the specially crafted message that exploits this vulnerability.

It’s also important to notify the key stakeholders within your organisation and ask them to stay vigilant.’

*Intersys can install advanced-threat protection with our partner WatchGuard’s industry-leading firewalls.
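
The port 445 step from the advice above, as an added example that is not from Intersys or Microsoft: a Windows Defender Firewall rule that blocks outbound SMB to addresses Windows classes as Internet, followed by a check for live connections to port 445 on public addresses. The rule name is hypothetical, and a perimeter firewall block is assumed to remain the main control.

```powershell
#Requires -RunAsAdministrator
# Added example: host-level block of outbound SMB (TCP 445) to Internet addresses.
# The rule name below is hypothetical; choose one that fits your naming scheme.
$ruleName = 'Block outbound SMB 445 to Internet (example)'

# Create the rule only if it is missing, so the script is safe to re-run.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Outbound `
        -Action Block `
        -Protocol TCP `
        -RemotePort 445 `
        -RemoteAddress Internet `
        -Profile Any | Out-Null
}

# Read the rule back and show the filters that were actually applied.
$rule = Get-NetFirewallRule -DisplayName $ruleName
[pscustomobject]@{
    Name          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Action        = $rule.Action
    RemotePort    = ($rule | Get-NetFirewallPortFilter).RemotePort
    RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
}

# Private, loopback and link-local ranges; SMB to these is normal file sharing.
$internal = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.|169\.254\.|::1$|fe80:|f[cd])'

# Any established connection to port 445 on a public address deserves a look.
$external = Get-NetTCPConnection -RemotePort 445 -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notmatch $internal }

if ($external) {
    $external | Select-Object LocalAddress, RemoteAddress, RemotePort, OwningProcess,
        @{ Name = 'Process'; Expression = { (Get-Process -Id $_.OwningProcess).ProcessName } }
} else {
    'No established outbound connections to port 445 on public addresses.'
}
```

What Windows treats as `Internet` depends on how the machine classifies its intranet ranges, so confirm the rule does not cut off file shares you rely on before deploying it widely.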

In Conclusion

Should you be worried? In the sense that a little healthy anxiety will spur you into action, yes. As to those actions, take note of Jake’s points and refer to your IT or cyber security team/provider to ensure they are doing all of the above.

And keep reading this blog. It’s our job to stay updated on threats that could affect our clients. We’ve also created a Microsoft 365 security best practice guide to help you keep your Microsoft 365 estate safe. We also read this stuff over bagels and coffee on the weekend because we’re hopelessly addicted to cyber security best practice. (True story.) 

We’ll keep you updated.

Need help dealing with Microsoft Outlook Vulnerability CVE-2023-23397? Chat to a specialist at our dedicated cyber security service and we will help you stay safe. Intersys is a Microsoft Modern Workplace Partner and specialist in Microsoft 365 Support.
