Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397)
During this month’s patch releases from Microsoft, our experts have noted that there is a critical vulnerability that has been publicly disclosed prior to a patch being available. This vulnerability impacts Microsoft Outlook and requires zero user interaction to exploit.
CVE-2023-23397 – CVSS Score 9.8 – Critical
This represents a significant threat and the vulnerability has been attributed to a Russian-backed threat actor. Due to the nature of this vulnerability, taking swift action is of paramount importance to protect your environment. Please see below the following steps for remediation, as well as additional steps that Transparity Cyber are taking to establish any signs of compromise in our customers’ environment.
There is a patch available that addresses this vulnerability which is delivered in the latest Microsoft Office updates. For Windows, Microsoft Office click-to-run installs should be configured for automatic updates, so your environment should receive these patches over the coming days, however, due to the severity, Transparity Cyber recommend the additional steps:
- Email all end user to advise a manual update of Microsoft Office (click-to-run).
- Launch Microsoft Outlook
- Select File > Office Account
- Update Options > Update Now
- Allow update process to complete (Approximate time to complete: < 15 mins)
- Transparity Cyber will monitor the patching status for this vulnerability and will provide ongoing feedback on any remaining exposed devices.
Note: If you do not use Microsoft Office click-to-run and instead deploy and manage Microsoft Office via an MSI install, or you deploy office to a non-windows platform please contact us for further guidance as the update process may differ.
Checking for exposure
Microsoft have released a script to check Microsoft Exchange servers and Microsoft Exchange online for exposure to any compromise as a result of this vulnerability. Transparity Cyber will be running this across customers and will report back with the results.