Recently, Microsoft shared warnings and tips on how customers can locate indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. This vulnerability, CVE-2023-23397 (CVSS score: 9.8), carries a critical weak point related to privilege escalation. This loophole allows hackers to exploit NT Lan Manager (NTLM) hashes and ignite a potential relay attack without notifying the device's user.
Microsoft states that "external attackers could send specially crafted emails that will cause a connection from the victim to an untrusted location of attackers' control. This will leak the Net-NTLMv2 hash of the victim to the untrusted network, which an attacker can then relay to another service and authenticate as the victim."
Unfortunately, Microsoft only fixed this vulnerability after Russian cyber criminals uncovered it. Since then, they've worked tirelessly to weaponize this fatal flaw to target government agencies and other high-value targets. In an incident report, it turns out that Microsoft had known about this flaw as far back as April 2022, knowing full well that hackers could exploit this weak point.
Hungry for more? Join me each week, where I'll break down complex topics and dissect the latest news within the cybersecurity industry and blockchain ecosystem, simplifying the tech world.
Comentários