Windows NT LAN Manager (NTLM) is a challenge-response authentication protocol used to authenticate a client to a resource on an Active Directory domain.
This means this vulnerability could be used to obtain a hashed token, which could then be used in a so-called “pass-the-hash” attack. The mail would be triggered automatically when retrieved and processed by the Outlook client, which could result in exploitation even before the email is viewed in the Preview Pane. This would leak the Net-NTLMv2 hash of the victim to the attacker who could then relay this to another service and authenticate as the victim. External attackers could send specially crafted emails to cause a connection from the victim to an external UNC location of attackers' control. The CVEs of the actively exploited vulnerabilities patched in these updates are:ĬVE-2023-23397: a critical Microsoft Outlook Elevation of Privilege (EoP) vulnerability. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. On top of that, Adobe has fixed an actively exploited vulnerability in ColdFusion. In total Microsoft has fixed a total of 101 vulnerabilities for several titles (including Edge), with two of them being actively exploited zero-days. Microsoft, and other vendors, have released their monthly updates.