CVE-2023-23397

Published on: Not Yet Published

Last Modified on: 04/11/2023 08:07:55 PM UTC

CVE-2023-23397

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of 365 Apps from Microsoft contain the following vulnerability:

Microsoft Outlook Elevation of Privilege Vulnerability

CVE-2023-23397 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.
Affected Vendor/Software: Microsoft - Microsoft Office version < https://aka.ms/OfficeSecurityReleases
Affected Vendor/Software: Microsoft - Microsoft Outlook version < 16.0.5387.1000
Affected Vendor/Software: Microsoft - Microsoft Outlook version < 15.0.5537.1000
Affected Vendor/Software: Microsoft - Microsoft 365 Apps for Enterprise version < https://aka.ms/OfficeSecurityReleases

CVSS3 Score: 9.8 - CRITICAL

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
NETWORK	LOW	NONE	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	HIGH	HIGH

CVE References

Description	Tags ^ⓘ	Link
Security Update Guide - Microsoft Security Response Center	msrc.microsoft.com text/html	MISC msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

110428 Microsoft Outlook Elevation of Privilege Vulnerability for March 2023
110430 Microsoft Office Security Update for March 2023

Exploit/POC from Github

Exploit POC for CVE-2023-23397

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Microsoft	365 Apps	-	All	All	All
Application	Microsoft	Office	2019	All	All	All
Application	Microsoft	Office	2021	All	All	All
Application	Microsoft	Outlook	2013	sp1	All	All
Application	Microsoft	Outlook	2013	sp1	All	All
Application	Microsoft	Outlook	2016	All	All	All

cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*:
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*:
cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:*:
cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:*:
cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:*:
cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@akamai_research	Let's start with in-the-wilds: CVE-2023-23397, reported by CERT-UA, allows for a spoofing attack against Outlook,… twitter.com/i/web/status/1…	2023-03-14 17:35:46
@KEV_bot_1	CVE-2023-23397 - Microsoft Office Outlook Spoofing Vulnerability has been added to the KEV catalog.	2023-03-14 18:11:52
@IT_news_for_all	Microsoft Patch Tuesday для марта! msrc.microsoft.com/update-guide/r… два zero day патча: CVE-2023-23397 - Microsoft Outlo… twitter.com/i/web/status/1…	2023-03-14 18:11:57
@HackingLZ	This is probably useful github.com/microsoft/CSS-…	2023-03-14 18:39:23
@JayBleeng	msrc.microsoft.com/update-guide/e… msrc.microsoft.com/update-guide/e…	2023-03-14 18:42:04
@CISACyber	? #CVE-2023-23397, CVE-2023-24880 & CVE-2022-41328 have been added to @CISAgov’s Known Exploited Vulnerabilities Ca… twitter.com/i/web/status/1…	2023-03-14 18:48:47
@ido_cohen2	? A gold mine for attackers, Outlook zero-day vulnerability (CVE-2023-23397) ? bleepingcomputer.com/news/microsoft…	2023-03-14 20:30:13
@peterkruse	Get your patching done this tuesday and especially CVE-2023-23397 which is a RCE directly via Outlook email preview… twitter.com/i/web/status/1…	2023-03-14 20:50:18
@CERT_Polska	‼Ostrzegamy przed krytyczną podatnością w Microsoft Outlook oznaczoną jako CVE-2023-23397, aktywnie wykorzystywaną… twitter.com/i/web/status/1…	2023-03-14 21:31:08
@fabian_bader	Microsoft Outlook Elevation of Privilege Vulnerability CVE-2023-23397 Putting regular users in the protected users… twitter.com/i/web/status/1…	2023-03-14 21:42:46
/r/exchangeserver	March 2023 Outlook Awareness Notice Questions	2023-03-14 17:16:06
/r/crowdstrike	Does CrowdStrike provide any protection against CVE-2023-23397 (Microsoft Outlook Elevation of Privilege Vulnerability)	2023-03-15 00:47:26
/r/redteamsec	Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability	2023-03-14 23:58:31
/r/netsec	Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability	2023-03-15 01:25:00
/r/sysadmin	CVE-2023-23397 PowerShell Script	2023-03-15 00:58:29
/r/torchsecuritynet	Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability	2023-03-15 02:17:43
/r/torchsecuritynet	Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability	2023-03-15 02:17:42
/r/UIC	Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability	2023-03-15 06:13:16
/r/HackProtectSlo	Uhajanje NTLM poverilnic preko Outlook ranljivosti	2023-03-15 08:38:27
/r/sysadmin	Restricting SMB traffic in response to CVE-2023-23397	2023-03-15 10:05:25
/r/msp	Microsoft Outlook CVE-2023-23397 - Elevation of Privilege Vulnerability	2023-03-15 10:47:55
/r/sysadmin	Microsoft Outlook CVE-2023-23397 - Elevation of Privilege Vulnerability	2023-03-15 10:46:59
/r/k12cybersecurity	MS-ISAC CYBERSECURITY ADVISORY - Critical Patches Issued for Microsoft Products, March 14, 2023 - PATCH NOW	2023-03-15 12:44:22
/r/worldTechnology	Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability	2023-03-15 12:39:39
/r/Action1	Microsoft Patches Two Zero Days This Month	2023-03-15 13:42:03
/r/WindowsUpdate	CVE-2023-23397 - There's a critical patch but no option for download :)	2023-03-15 13:21:33
/r/sysadmin	CVE-2023-23397	2023-03-15 14:39:19
/r/HellLetLoose2	NVD - CVE-2023-23397	2023-03-15 18:06:52
/r/Intune	Microsoft Outlook CVE-2023-23397	2023-03-15 20:11:42
/r/sysadmin	CVE-2023-23397 and 365	2023-03-15 20:48:21
/r/kaseya	Mitigating CVE-2023-23397 (Office March 14, 2023 Update) with Kaseya	2023-03-15 20:38:04
/r/crowdstrike	// SITUATIONAL AWARENESS // Hunting Microsoft Outlook NTLM Relay Vulnerability CVE-2023-23397	2023-03-15 23:37:15
/r/cybersecurity	Microsoft Outlook CVE-2023-23397 - Elevation of Privilege Vulnerability	2023-03-16 00:41:29
/r/sysadmin	cve-2023-23397 Microsoft Script query	2023-03-16 10:24:42
/r/k12sysadmin	Urgent: Microsoft 365 Apps being exploited in wild through CVSS 9.8 bug	2023-03-16 11:27:43
/r/SecOpsDaily	Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability	2023-03-16 13:37:50
/r/sysadmin	Microsoft vulnerability alert ⚠️	2023-03-16 13:16:56
/r/cybersecurity	CVE-2023-23397 - Critical Elevation of Privilege zero-day in Microsoft Outlook, severity 9.8	2023-03-16 14:48:02
/r/sysadmin	Trouble with CVE-2023-23397.ps1	2023-03-16 14:11:20
/r/Intune	Dealing with Zero-Day Flaw for Office/Outlook? CVE-2023-23397	2023-03-16 16:35:30
/r/sysadmin	CVE-2023-23397 \| Error while running Get-Mailbox \| .\CVE-2023-23397.ps1 -Environment "Online"	2023-03-16 16:00:44
/r/sysadmin	CVE-2023-23397 Outlook Patching Script	2023-03-16 19:49:13
/r/sysadmin	Microsoft Outlook was deployed using ODT by previous admin, is there a way to update the network share path it looks at for updates?	2023-03-16 19:21:28
/r/torchsecuritynet	Microsoft Outlook CVE-2023-23397 Proof Of Concept	2023-03-16 19:17:21
/r/msp	Outlook Vulnerability (9.8 Severity Critical): Exploit requires no user interaction. Update is available to patch.	2023-03-16 20:38:23
/r/CKsTechNews	CVE-2023-23397 – Microsoft Outlook Privilege Elevation Critical Vulnerability	2023-03-16 22:00:00
/r/sysadmin	CVE-2023-23397 – CVSS 9.8 - Outlook Privilege Eskalation	2023-03-17 01:39:53
/r/Office365	CVE-2023-23397	2023-03-17 03:23:32
/r/spixnet_gmbh_official	Microsoft fixes Outlook zero-day used by Russian hackers since April 2022	2023-03-17 04:30:58
/r/sysadmin	TIL: You can see all of your Office versions in config.office.com and update them to the latest Monthly Enterprise channel to help with CVE-2023-23397.	2023-03-17 04:20:09
/r/u/Tsofmetasploit	Exploit Outlook CVE-2023-23397 Yara - to detect .msg files exploiting CVE-2023-23397 in Microsoft Outlook	2023-03-17 06:11:14
/r/SecOpsDaily	CVE-2023-23397: Exploitations in the Wild – What You Need to Know	2023-03-17 07:26:50
/r/sysadmin	CVE-2023-23397 - Outlook Vulnerability Results	2023-03-17 12:45:37
/r/sysadmin	CVE-2023-23397 - ConnectWise Control	2023-03-17 14:01:24
/r/sysadmin	CVE-2023-23397.ps1 found e-mails	2023-03-17 15:05:50
/r/msp	Everything We Know About CVE-2023-23397	2023-03-17 14:44:32
/r/cybersecurity	Top cybersecurity stories for the week of 03-13-23 to 03-17-03	2023-03-17 14:31:21
/r/paloaltonetworks	Mitigation of MS Outlook pants-on-fire CVE-2023-23397 produces unexpected output	2023-03-17 16:02:51
/r/spixnet_gmbh_official	Microsoft fixes Outlook zero-day used by Russian hackers since April 2022	2023-03-17 16:33:45
/r/DefenderATP	Any Suggestions On Creating A Detection Rule In Defender For CVE-2023-23397	2023-03-17 18:16:24
/r/purpleteamsec	Critical Outlook Vulnerability: In-Depth Technical Analysis and Recommendations (CVE-2023-23397)	2023-03-17 19:23:55
/r/torchsecuritynet	Critical Outlook Vulnerability: In-Depth Technical Analysis and Recommendations (CVE-2023-23397)	2023-03-17 19:17:25
/r/SecOpsDaily	High Trending CVE-2023-23397 both on tweeter as well as on dark forums	2023-03-18 08:20:13
/r/SecOpsDaily	Everything We Know About CVE-2023-23397	2023-03-18 09:07:07
/r/bag_o_news	Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability	2023-03-19 10:48:47
/r/sysadmin	Upgrade as very smooth Office versions while users are using office applications	2023-03-19 17:50:11
/r/msp	RMM Vendors and CVE-2023-23397	2023-03-19 19:00:37
/r/Citrix	Outlook Zero-Day Critical Vulnerability	2023-03-19 21:29:15
/r/sysadmin	Checking for CVE-2023-23397 vulnerability	2023-03-20 08:18:53
/r/worldTechnology	Critical Outlook Vulnerability: In-Depth Technical Analysis and Recommendations (CVE-2023-23397)	2023-03-20 10:31:09
/r/AskNetsec	CVE-2023-23397 mitigations and questions	2023-03-20 10:55:39
/r/exchangeserver	Trouble running CVE-2023-23397 script against on-prem	2023-03-20 15:45:07
/r/sysadmin	Update triggered via Outlook rolling back version	2023-03-20 15:15:14
/r/sysadmin	Is CVE-2023-23397 patched by KB5023696 and/or the Office Click2Run?	2023-03-20 20:13:25
/r/sysadmin	CVE-2023-23397.ps1 and false posetives	2023-03-20 20:55:20
/r/sysadmin	Exchange Online / Office 365 Recent High False Positives for SPAM	2023-03-21 00:57:45
/r/Office365	Exchange Online / Office 365 Recent High False Positives for SPAM	2023-03-21 00:57:43
/r/Office365_Nepal	Exchange Online / Office 365 Recent High False Positives for SPAM	2023-03-21 00:57:41
/r/msp	CVE-2023-23397	2023-03-21 03:43:39
/r/sysadmin	Has anyone ran the CVE-2023-23397 script against a large environment?	2023-03-21 08:02:43
/r/SCCM	update patch CVE-2023-23397 for Outlook 2019 x64 and 2021 x64	2023-03-21 11:35:23
/r/MSSP	MSP Dispatch 3/21/23: Outlook CVE-2023-23397, Google Layoffs, Microsoft's New Copilot AI for Office	2023-03-21 14:02:09
/r/msp	MSP Dispatch 3/21/23: Outlook CVE-2023-23397, Google Layoffs, Microsoft's New Copilot AI for Office	2023-03-21 14:02:05
/r/InfoSecWriteups	Understanding CVE-2023–23397: The Microsoft Outlook Vulnerability You Need to Know About	2023-03-21 16:50:33
/r/InfoSecNews	Threat Actors Exploited Microsoft Outlook for Windows (CVE-2023-23397) as Early as April 2022	2023-03-21 18:08:23
/r/PowerShell	Failing to understand parameter issue	2023-03-22 00:14:01
/r/u/Away_Nectarine5070	Everything We Know About CVE-2023-23397	2023-03-22 14:24:28
/r/Intune	Critical & Security Updates with Intune & Windows 10 Update Rings (CVE-2023-23397)	2023-03-22 15:47:00
/r/PFSENSE	Floating Rule to cover CVE-2023-23397	2023-03-22 21:45:05
/r/Outlook	Does Version 2303 Build 16227.20172 fix vulnerability CVE-2023-23397	2023-03-22 21:09:46
/r/Nable	Using RMM is there a way to force an Update for Microsoft Office to patch for the CVE-2023-23397 Vulnerabiity	2023-03-23 03:52:27
/r/cybersecurity	Patch Immediately. Patch CVE-2023-23397	2023-03-23 03:38:48
/r/fortinet	Split Tunnel vs Full Tunnel	2023-03-23 14:44:36
/r/redteamsec	Exploiting Outlook CVE-2023-23397 to Relay Credentials	2023-03-23 16:06:32
/r/RedSec	Patch Immediately. Patch CVE-2023-23397	2023-03-23 19:02:26
/r/u/dbcomp	Security Vulnerability Alert	2023-03-24 04:18:10
/r/ProgrammerHumor	CVE-2023-23397 meme	2023-03-24 08:25:19
/r/Action1	Microsoft Outlook Zero-Day Threat: Action1 solution	2023-03-24 15:47:57
/r/sysadmin	Microsoft's Guidance for investigating attacks using CVE-2023-23397	2023-03-24 18:49:18
/r/blueteamsec	Guidance for investigating attacks using CVE-2023-23397	2023-03-24 19:45:31
/r/purpleteamsec	Guidance for investigating attacks using CVE-2023-23397	2023-03-24 21:04:51
/r/cybersecurity	Guidance for investigating attacks using CVE-2023-23397	2023-03-24 20:38:03
/r/Alpha_Cyber	Cyber News - This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.	2023-03-24 21:17:05
/r/Alpha_Cyber	Cyber News - #Pwn2Own pic. twitter. com/xtd0cdjGC3At Pwn2Own Vancouver 2023, security researchers targeted software from multiple categories, including automotive, enterprise applications and communications, servers, virtualization, and local escalation of privilege (EoP).	2023-03-25 02:05:56
/r/Alpha_Cyber	Cyber News - #Pwn2Own pic. twitter. com/xtd0cdjGC3At Pwn2Own Vancouver 2023, security researchers targeted software from multiple categories, including automotive, enterprise applications and communications, servers, virtualization, and local escalation of privilege (EoP).	2023-03-25 06:18:24
/r/Alpha_Cyber	Cyber News - #Pwn2Own pic. twitter. com/xtd0cdjGC3At Pwn2Own Vancouver 2023, security researchers targeted software from multiple categories, including automotive, enterprise applications and communications, servers, virtualization, and local escalation of privilege (EoP).	2023-03-25 13:41:05
/r/UIC	Guidance for investigating attacks using CVE-2023-23397 - Microsoft Security Blog	2023-03-26 06:42:43
/r/InfoSecNews	Microsoft shares guidance for investigating attacks exploiting CVE-2023-23397	2023-03-27 01:45:47
/r/Hacking4life	Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers - (CVE-2023-23397)	2023-03-27 20:11:51
/r/msp	PSA for CVE-2023-23397: N-Able N-Sight/N-Central does not natively patch Microsoft 365 Apps for Business (click to run/ODT installs)	2023-03-28 12:01:59
/r/sysadmin	Outlook Desktop Issues after CVE-2023-23397 office update?	2023-03-29 14:15:58
/r/Nable	Blog: 2 New blogs	2023-03-29 19:41:32
/r/spixnet_gmbh_official	Microsoft shares tips on detecting Outlook zero-day exploitation	2023-03-31 11:05:16
/r/spixnet_gmbh_official	Guidance for investigating attacks using CVE-2023-23397	2023-03-31 12:04:09
/r/Hacking_Tutorials	Microsoft Outlook NTLM Vulnerability \| CVE-2023-23397 Demo	2023-04-03 05:37:38
/r/Outlook	Microsoft Outlook NTLM Vulnerability \| CVE-2023-23397 Demo	2023-04-03 05:36:59
/r/securityCTF	Microsoft Outlook NTLM Vulnerability \| CVE-2023-23397 Demo	2023-04-03 05:35:59
/r/Cybersecurity101	CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability	2023-04-05 11:47:34
/r/cybersecurity	CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability	2023-04-05 11:37:22
/r/netsec	CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability	2023-04-05 13:11:41
/r/darkrelay	CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability	2023-04-05 17:34:48
/r/selfpromotion	CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability	2023-04-05 17:28:33
/r/becomingnerd	CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability	2023-04-05 17:25:50
/r/bag_o_news	CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability	2023-04-07 12:25:16
/r/initaliano	[Office 365] Exchange Online / Office 365 RECENTE FALSI HIGH PRESITENI PER SPAM	2023-04-20 14:39:27
/r/aufdeutsch	[Crowd Strike] Bietet CrowdStrike Schutz vor CVE-2023-23397 (Microsoft Outlook Elevation of Privilege Vulnerability)	2023-04-27 15:34:22
/r/sysadmin	Office.Com Servicing Profiles – Only Available for Monthly Channel	2023-05-10 08:42:46
/r/CyberNews	Microsoft releases fix for patched Outlook issue exploited by Russian hackers	2023-05-10 21:08:10
/r/cybersecurity	Microsoft releases fix for patched Outlook issue exploited by Russian hackers	2023-05-10 21:08:00