Client advisory: Microsoft Outlook elevation of privilege vulnerability

A critical security vulnerability has been identified in the Microsoft Outlook desktop client. This vulnerability allows attackers to access your network by simply emailing you.

Cyber Advisory 2 min Fri, Mar 17, 2023

CFC's cyber threat analysis team has been alerted to a critical security vulnerability found in the Microsoft Outlook desktop client, tracked as CVE-2023-23397. This vulnerability allows attackers to access your network by simply emailing you. The email does not necessarily have to be opened and read for the attack to succeed.

To protect your organisation from this potential threat, we strongly recommend taking immediate action to address this issue. Please follow the steps outlined below:


Share this information with your IT department or any relevant personnel responsible for the maintenance and security of your organisation’s systems.

Assess Your Environment

Review your systems to identify which ones are running the Microsoft Outlook desktop application. Specifically, check for the affected versions mentioned in the official Microsoft Security Advisory - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397


Update Your Software

Microsoft has released patches to address this vulnerability. Download and apply the relevant security updates as soon as possible. If automatic updates are enabled, ensure they are running correctly and deployed throughout your organisation.

For more detailed information on CVE-2023-23397 and how to protect your organisation, please refer to the following resources.

1. Microsoft Security Advisory - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397 

2. CVE Details - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23397

 

We understand that your systems and data security is crucial to your organisation’s success. If you have any questions or require assistance, please do not hesitate to contact the cyber threat analysis team at CyberThreatAnalysis@cfc.com or by using the CFC incident response app.