Russian hackers have been exploiting unknown flaw in Outlook for nearly a year now
Companies and organizations should update Outlook now
Microsoft has just issued an update to its Outlook desktop client to protect users from hackers reportedly associated with the Russian military intelligence service GRU.
Official bodies and government agencies appear to have been the key focus of the attack, which took place from as early as April 2022.
The elevation of privilege vulnerability, according to Microsoft, only affected Outlook for Windows. macOS, iOS, Android, and web versions of the email provider were unaffected during this time.
Outlook vulnerability
The summary reads: “Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for new technology LAN manager (NTLM) credential theft.”
The vulnerability, recognized as critical and denoted the CVE-2023-23397 tag, relayed the victim’s NTLM negotiation message to other systems that support NTLM authentication.
The company confirms: “Microsoft Threat Intelligence assesses that a Russia-based threat actor used the exploit patched in CVE-2023-23397 in targeted attacks against a limited number of organizations in government, transportation, energy, and military sectors in Europe.”
According to a private threat analytics report seen by BleepingComputer, stolen credentials were used for lateral movement within a victim’s network and to change Outlook mailbox folder permissions.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
A script compiled by Microsoft aims to help organizations determine whether they were targeted during any attacks exploiting the vulnerability.
The company is now urging customers with 32-bit and 64-bit versions of Outlook installed on their Windows machines (including Outlook 2013, Outlook 2016, Outlook 2019, Office LTSC 2021, and Microsoft 365 Apps for Enterprise) to apply the patch.
Moreover, installing security updates to all software in a timely manner has become an important part of running apps in an effort to maintain the utmost security.
- Check out the best malware removal tools
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!