Microsoft has just issued an update to its Outlook desktop client to protect users from hackers reportedly associated with the Russian military intelligence service GRU.
Official bodies and government agencies appear to have been the key focus of the attack, which took place from as early as April 2022.
The elevation of privilege vulnerability, according to Microsoft (opens in new tab), only affected Outlook for Windows. macOS, iOS, Android, and web versions of the email provider were unaffected during this time.
The summary reads: “Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for new technology LAN manager (NTLM) credential theft.”
The vulnerability, recognized as critical and denoted the CVE-2023-23397 (opens in new tab) tag, relayed the victim’s NTLM negotiation message to other systems that support NTLM authentication.
The company confirms: “Microsoft Threat Intelligence assesses that a Russia-based threat actor used the exploit patched in CVE-2023-23397 in targeted attacks against a limited number of organizations in government, transportation, energy, and military sectors in Europe.”
According to a private threat analytics report seen by BleepingComputer (opens in new tab), stolen credentials were used for lateral movement within a victim’s network and to change Outlook mailbox folder permissions.
A script (opens in new tab) compiled by Microsoft aims to help organizations determine whether they were targeted during any attacks exploiting the vulnerability.
The company is now urging customers with 32-bit and 64-bit versions of Outlook installed on their Windows machines (including Outlook 2013, Outlook 2016, Outlook 2019, Office LTSC 2021, and Microsoft 365 Apps for Enterprise) to apply the patch.
Moreover, installing security updates to all software in a timely manner has become an important part of running apps in an effort to maintain the utmost security.
- Check out the best malware removal tools