
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397) is a critical security flaw discovered and disclosed in March 2023. This vulnerability affects all supported versions of Microsoft Outlook for Windows; other versions, such as Outlook for Android, iOS, and Mac, and Outlook on the web, are not impacted. The vulnerability was initially discovered by the Microsoft Threat Intelligence team, which identified limited targeted attacks against organizations in Europe (MSRC Blog).
CVE-2023-23397 is a critical elevation of privilege (EoP) vulnerability with a CVSS v3.1 base score of 9.8 (Critical). The vulnerability is triggered when an attacker sends a message with an extended MAPI property containing a UNC path to an SMB share on a threat actor-controlled server. The attack requires no user interaction and exploits NTLM authentication, allowing the attacker to capture and relay the user's NTLM negotiation message for authentication against other systems (MSRC Blog).
The vulnerability enables attackers to perform NTLM credential theft by directing connections to untrusted networks, such as the Internet. This can lead to unauthorized access and privilege escalation in targeted systems. Microsoft has confirmed that a Russia-based threat actor exploited this vulnerability in targeted attacks against organizations in government, transportation, energy, and military sectors in Europe (MSRC Blog).
Microsoft has released security updates to address CVE-2023-23397. The Outlook update prevents the use of paths from untrusted network sources for sound playback. Organizations must install the Outlook security update regardless of their mail hosting platform or NTLM authentication support. Additionally, Microsoft has provided a script to help organizations detect potential malicious messages (MSRC Blog).
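The rule the update enforces, that a sound path must not point at an untrusted network source, can also be used to triage property values already extracted from mailboxes. The following is an added example, not Microsoft's detection script or code from this page; the trusted suffix, address ranges, record layout and function names are assumptions made for illustration.

```python
import ipaddress

# Assumptions (constructed for this example): internal DNS suffixes and ranges.
TRUSTED_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def unc_host(path):
    """Return the server name of a UNC path, or None for local/relative paths."""
    p = path.strip().replace("/", "\\")
    if p.upper().startswith("\\\\?\\UNC\\"):
        p = "\\\\" + p[8:]              # \\?\UNC\host\share -> \\host\share
    elif p.startswith(("\\\\?\\", "\\\\.\\")):
        return None                     # local device path, e.g. \\?\C:\...
    if not p.startswith("\\\\"):
        return None                     # drive-letter or relative path
    host = p[2:].split("\\", 1)[0]
    host = host.split("@", 1)[0]        # drop an "@port" suffix if present
    return host.lower() or None

def classify(path):
    """Classify a sound-file path as 'local', 'unc-internal' or 'unc-external'."""
    host = unc_host(path)
    if host is None:
        return "local"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Assumption: single-label names and trusted suffixes are intranet hosts.
        internal = "." not in host or host.endswith(TRUSTED_SUFFIXES)
    else:
        internal = any(ip in net for net in INTERNAL_NETS)
    return "unc-internal" if internal else "unc-external"

def triage(messages):
    """Return ids of messages whose sound path leaves the trusted network."""
    return [m["id"] for m in messages
            if classify(m["reminder_sound"]) == "unc-external"]

# Constructed sample records: message id and extracted sound-path value.
SAMPLE = [
    {"id": "msg-1", "reminder_sound": r"C:\Windows\Media\reminder.wav"},
    {"id": "msg-2", "reminder_sound": r"\\fs01.corp.example\sounds\ding.wav"},
    {"id": "msg-3", "reminder_sound": r"\\files.example.net\share\a.wav"},
    {"id": "msg-4", "reminder_sound": r"\\?\UNC\198.51.100.7\s\a.wav"},
    {"id": "msg-5", "reminder_sound": r"\\10.1.2.3\media\a.wav"},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Messages classified as `unc-internal` are not flagged here, but a UNC path in this property is unusual enough that they are still worth a manual look.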
Source: This report was generated using AI