Cleanup Mode: The script performs cleanup on detected items by either clearing the property or deleting the item.ĭetails can be found in this previously linked post.Audit Mode: The script returns a CSV file with details of the items that have the property populated.
If necessary, administrators can use this script to clean up the property for items that are malicious or even permanently delete the items on Exchange Servers. The script CVE-2023-23397.ps1 checks all Exchange messaging items (email, calendar, and tasks) to see if a property is populated with a UNC path. Microsoft had notified Exchange administrators of the vulnerability on the March 2023 patchday and published a check script (see the blog post Exchange Server Security Updates (March 14, 2023)). However, these are distributed via Office/Outlook and not via Windows Update. Outlook 2010) can thus no longer be patched and can be attacked.įor a list of all Outlook updates as of March 14, 2023, see CVE-2023-23397, which also includes Click-2-Run updates for Outlook 2016, Outlook 2019, and Outlook 2021, as well as Microsoft 365 (Office 365). Older Outlook versions that are no longer in support (e.g. Microsoft has released security updates for Outlook 2016 (KB5002254) and Outlook 2013 (KB5002265) dn Ma(see Patchday: Microsoft Office Updates (March 14, 2023)). Updates and Exchange test script available Thus, a successful attack does not require any interaction from the recipient. Microsoft notes in its documents that this vulnerability can be exploited before the email is displayed in the preview window.
The attacker can use that hash to authenticate as the victim's recipient in an NTLM relay attack, Microsoft says. When the email is read from the server and is processed by the client, a connection can be established to an attacker-controlled device to sniff the email recipient's Net NTLMv2 hash. It is an elevation of privilege (EvP) vulnerability that has received a CVEv3 score of 9.8, which means it is rated extremely critical.Īttackers can send a malicious email to a vulnerable version of Outlook.
I had already pointed out the CVE-2023-23397 vulnerability in Microsoft Outlook, which is classified as critical, in the blog post Microsoft Security Update Summary (March 14, 2023).
0 kommentar(er)
