TLP: CLEAR
Recipients can spread this to the world, there is no limit on disclosure. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:CLEAR information may be shared without restriction.
https://www.first.org/tlp/
Summary: On March 14th, 2023, Microsoft issued a security update (weblink below) which addresses a critical vulnerability in Outlook that could allow for credential theft and privilege escalation. Media sources report this vulnerability has been actively exploited by the Russian state-sponsored advanced persistent threat (APT) group APT28 (AKA STRONTIUM, Fancy Bear).
Microsoft Security Update: hxxps://msrc.microsoft[.]com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/
The flaw, identified as CVE-2023-23397, has been assigned a critical CVSS score of 9.8 and impacts all supported versions of Microsoft Outlook for Windows. Microsoft states that other versions of Microsoft Outlook, such as Outlook for Android, iOS, and Mac, as well as Outlook on the web and other M365 services, are not affected.
CVE-2023-23397: hxxps://msrc.microsoft[.]com/update-guide/vulnerability/CVE-2023-23397
NYSIC CAU Analyst Note: Microsoft urges customers to apply the appropriate patch to address this vulnerability as quickly as possible. As a temporary mitigation, Microsoft also suggests adding users to the Protected Users group in Active Directory and blocking outbound SMB (TCP port 445) to minimize the impact of attacks.
Additionally, Microsoft provided a script to help customers determine whether their organization was targeted by actors attempting to exploit CVE-2023-23397: hxxps://aka[.]ms/CVE-2023-23397ScriptDoc.
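The two temporary mitigations named in the analyst note can be staged from an elevated PowerShell session as follows. This is an added example, not part of the advisory or of Microsoft's guidance; the account names and rule name are constructed placeholders, and it assumes the ActiveDirectory RSAT module is installed.

```powershell
# Added example: stages the two temporary mitigations in dry-run mode.
# Assumptions: ActiveDirectory (RSAT) module present, elevated session,
# and the account names below are hypothetical placeholders.
Import-Module ActiveDirectory

$accounts = @('adm-jdoe', 'adm-asmith')   # constructed high-value accounts

# 1. Protected Users: report which accounts are not yet members.
#    Membership prevents NTLM authentication for the account, so anything
#    that still relies on NTLM must be tested before accounts are added.
$current = Get-ADGroupMember -Identity 'Protected Users' |
    Select-Object -ExpandProperty SamAccountName
$missing = @($accounts | Where-Object { $_ -notin $current })
$missing | ForEach-Object { Write-Output "Not in Protected Users: $_" }

if ($missing.Count -gt 0) {
    # -WhatIf shows the change without applying it; remove after review.
    Add-ADGroupMember -Identity 'Protected Users' -Members $missing -WhatIf
}

# 2. Outbound SMB: host firewall rule for TCP 445 to non-intranet addresses.
#    The 'Internet' keyword relies on Windows' own definition of intranet
#    ranges, so a block at the network perimeter remains the primary control.
$ruleName = 'Block outbound SMB to Internet (CVE-2023-23397)'
$existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue

if (-not $existing) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Outbound -Protocol TCP -RemotePort 445 `
        -RemoteAddress Internet -Action Block -WhatIf
} else {
    Write-Output "Rule already present: $ruleName"
}
```

Both changes run with `-WhatIf`, so nothing is modified until that switch is removed after review.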
This information has been disseminated to:
NYSIC CAU Contacts – OCT-CIP
NYSIC CAU Contacts – ITS EISO
NYSIC CAU Contacts – Cyber Partners Working Group (CPWG)
NYSIC CAU Contacts – Critical Infrastructure: All
NYSIC CAU Contacts – SLTT
NYSIC CAU Contacts – Private Sector
For more information, please contact the NYSIC Cyber Analysis Unit at (518) 786-2191 or CAU@nysic.ny.gov.