Additionally, Talos has released Snort rules 6149, and Snort 3 signature 300464 to detect the exploitation of this vulnerability.
Users should implement the patch as soon as possible.
However, the risk score is expected to rise once proof-of-concept exploit code becomes available. According to Microsoft, “This could lead to exploitation BEFORE the email is viewed in the Preview Pane.”Īs of Wednesday evening, Kenna Security scored CVE-2023-23397 with a risk score of 74 out of 100 - higher than 99 percent of all the vulnerabilities it has scored. The vulnerability is triggered when the Outlook client retrieves and processes the message. An attacker can exploit this vulnerability simply by sending the victim a specially crafted email. However, the CVSS attack complexity is rated “Low”. The Computer Emergency Response Team of Ukraine first reported the vulnerability to Microsoft.ĬVE-2023-23397 does not affect non-Windows versions of Outlook such as apps for Android, iOS, Mac, as well as Outlook on the web and other Microsoft 365 services.
Microsoft subsequently assessed that the activity was associated with Russian based actors and used in limited, targeted attacks against a small number of organizations. Along with the patch, Microsoft released a security advisory detailing the targeted, but limited attacks they saw leveraging this particular vulnerability. Microsoft released a patch for the privilege escalation vulnerability on Tuesday as part of its monthly security update. More information about File Reputation and Analysis Services is available here.Ĭisco Talos is urging all users to update Microsoft Outlook after the discovery of a critical vulnerability, CVE-2023-23397, in the email client that attackers are actively exploiting in the wild. to the File Reputation and analysis services. That does require customers to add Word.Wizard.8(.wiz). If the ESA Administrator would prefer to rely on Cisco Secure Endpoint + Secure Malware Analytics integration to avoid performance impacts that option is also available. Please note that filters can slow down your inbox, so please use caution when applying. There is a filter on our GitHub (created by Bartosz Kozak) that can be applied as a filter using these instructions. We are also working to provide some resources to ESA customers related to this vulnerability. First, we are providing a ClamAV signature that detects this threat - the rule can be found on our GitHub here and can be leveraged anywhere ClamAV signatures are supported. Update March 21, 2023: To aid defenders trying to detect and mitigate this vulnerability, we are providing a couple of additional resources.
0 kommentar(er)
