A serious vulnerability in the widely used Microsoft Outlook/365 suite of applications is being actively exploited and requires no user interaction. CVE-2023-23397, a CVSS 9.8 bug, allows a remote, unauthenticated attacker to fundamentally breach a system by sending specially crafted messages that let them capture the user's credentials as soon as the client receives the mail.
This gets even worse: the victim does not actually need to open the malicious mail. As Microsoft noted in the Microsoft 365 Defender portal: "[The exploit] triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation before the email is viewed in the Preview Pane."
The vulnerability affects both 32- and 64-bit editions of Microsoft 365 Apps for Enterprise. Office 2013, 2016 and 2019 (as well as LTSC) are also vulnerable. The attack is triggered by a malicious mail that forces the Outlook client to connect to an SMB share on a server under the attacker's control; that connection leaks the victim's Net-NTLMv2 hash (the challenge-response used for authentication in Windows environments) to the attacker, who can then relay it to another service and authenticate as the victim.
In short: you do not even have to open the malicious email to be compromised. Particularly bad news.
(A detailed Microsoft PDF on Pass-the-Hash attacks against Windows is available, but be aware that it is over 10 years old.)
Mitigations for Microsoft Outlook CVE-2023-23397
Microsoft says that adding users to the "Protected Users Security Group" can be an effective control, because it prevents NTLM from being used as an authentication mechanism. Applying this mitigation makes troubleshooting easier than other methods of disabling NTLM. "Consider using it for high-value accounts such as domain admins when possible", it says, but notes that "this may cause impact to applications that require NTLM, however the settings will revert once the user is removed" from the Protected Users Security Group.
Block TCP 445/SMB outbound from your network by using a perimeter firewall, a local firewall, and your VPN settings: "This will prevent the sending of NTLM authentication messages to remote file shares", it adds. Both measures belong alongside, not instead of, patching CVE-2023-23397.
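The two mitigations above can be scripted. The following is an added example written for this page, not a script from Microsoft or the article; it assumes an elevated PowerShell session on a domain-joined Windows host with the ActiveDirectory RSAT module installed, and the account names in $HighValueAccounts are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): apply the two Microsoft-recommended
# mitigations for CVE-2023-23397 and verify the result.
Import-Module ActiveDirectory

# 1. High-value accounts to move into 'Protected Users' (placeholder names).
$HighValueAccounts = @('da-alice', 'da-bob')

$protectedMembers = Get-ADGroupMember -Identity 'Protected Users' -Recursive |
    Select-Object -ExpandProperty SamAccountName

foreach ($acct in $HighValueAccounts) {
    if ($protectedMembers -contains $acct) {
        Write-Host "$acct is already a member of Protected Users"
        continue
    }
    # Protected Users disables NTLM, DES/RC4 Kerberos, delegation and cached
    # logons for the member, so test with one account before a wider rollout.
    Add-ADGroupMember -Identity 'Protected Users' -Members $acct
    Write-Host "Added $acct to Protected Users"
}

# 2. Block outbound SMB (TCP 445) on the non-domain profiles of the local firewall.
# Limiting the rule to Public/Private keeps domain file shares reachable while on
# the corporate network; mirror the block at the perimeter and in VPN policy.
$ruleName = 'Block outbound SMB 445 (CVE-2023-23397 mitigation)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Outbound -Protocol TCP -RemotePort 445 `
        -Action Block -Profile Public, Private -Enabled True | Out-Null
    Write-Host "Created firewall rule: $ruleName"
}

# 3. Verify the block rule is present and enabled.
Get-NetFirewallRule -DisplayName $ruleName |
    Select-Object DisplayName, Enabled, Direction, Action, Profile
```

Run it once per host for the firewall rule (or push the same rule via Group Policy) and once against the domain for the group change. The script is idempotent: re-running it skips accounts already in the group and does not duplicate the firewall rule.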
Microsoft attributes the discovery to CERT-UA, Microsoft Incident Response, and Microsoft Threat Intelligence. Attacks exploiting the bug [which may still be ongoing] were described in a threat analytics report sent to customers of Microsoft 365 Defender, Microsoft Defender for Business or Microsoft Defender for Endpoint Plan 2, as reported by Bleeping Computer, which said the report attributes the attacks to a group linked to Russian military intelligence (variously tracked as APT28, Fancy Bear, Sednit, Sofacy or STRONTIUM).
Attacks further afield are likely to follow soon, now that the patch is public and both security researchers and cybercrime groups are working out how the exploit operates.