Microsoft Office Outlook Privilege Escalation Vulnerability

Added March 14, 2023 • Due April 4, 2023 • CVE-2023-23397

Overdue Microsoft / Office CWE-294

Description

Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.

Required Action

Apply updates per vendor instructions.

References

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/,
https://nvd.nist.gov/vuln/detail/CVE-2023-23397

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 5 months, 1 week ago