"Microsoft Battles Zero-Day Attacks and Vulnerabilities in Outlook and 365 Apps"

March 15, 2023 at 08:04 PM

•

1 min read

"Microsoft Battles Zero-Day Attacks and Vulnerabilities in Outlook and 365 Apps" — Photo: SecurityWeek

TL;DR Summary

Microsoft has identified a Russian-based threat actor behind the exploitation of a critical vulnerability in its Outlook software. The company has urged all customers to update their Microsoft Outlook for Windows to remain secure. The vulnerability is a critical privilege escalation issue that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB share on a threat actor-controlled server. Microsoft has also flagged a second vulnerability for urgent attention and warned attackers are continuing to actively bypass its SmartScreen security feature.

Topics:technology #cybersecurity #microsoft #outlook #russian-apt #smartscreen #zero-day

Share this article

Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script SecurityWeek
As CVE-2023-23397 exploits proliferate, worry mounts over CNI The Stack
Microsoft Releases Updates to Patch Outlook NTLM Vulnerability Petri.com
Microsoft Patch Tuesday, March 2023 Edition – Krebs on Security Krebs on Security
Urgent: Microsoft 365 Apps being exploited in wild through CVSS 9.8 pre-auth RCE bug The Stack

Reading Insights

Total Reads

Unique Readers

Time Saved

2 min

vs 3 min read

Condensed

82%

493 → 91 words

Want the full story? Read the original article

Read on SecurityWeek

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights