{"uuid": "a1e9c7f2-9f8f-4530-9c40-67cf1a338501", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23397", "type": "exploited", "source": "https://t.me/theninjaway1337/1332", "content": "CRITICAL OUTLOOK VULNERABILITY: IN-DEPTH TECHNICAL ANALYSIS AND RECOMMENDATIONS (CVE-2023-23397)\n\nEarlier this week, Microsoft released a patch for Outlook vulnerability CVE-2023-23397, which has been actively exploited for almost an entire year. This exploit has caught the attention of a hacking group linked to Russian military intelligence that is using it to target European organizations.\nCVE-2023-23397 allows threat actors to steal NTLM credentials of Microsoft Outlook users with minimal complexity or effort. This vulnerability can be exploited by sending an email to a target user but does not require that user to open the email. It poses a dire threat to vulnerable organizations, as threat actors can repeatedly execute this attack and commandeer user accounts while the user is none the wiser.\n\nhttps://www.trustedsec.com/blog/critical-outlook-vulnerability-in-depth-technical-analysis-and-recommendations-cve-2023-23397/", "creation_timestamp": "2023-03-23T20:04:54.000000Z"}