
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Microsoft Outlook Information Disclosure Vulnerability (CVE-2023-35636) was discovered and disclosed in December 2023. The vulnerability affects multiple Microsoft products including Microsoft 365 Apps Enterprise, Office 2016, Office 2019, and Office Long Term Servicing Channel 2021 (NVD).
The vulnerability specifically affects the calendar sharing function in Microsoft Outlook. It allows attackers to intercept NTLM v2 hashes used for authentication in Microsoft Windows systems by manipulating specific headers in an email. The exploit requires two headers, 'Content-Class' and 'x-sharing-config-url', which point to the attacker's machine. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (SecurityOnline).
When successfully exploited, this vulnerability can lead to information disclosure, specifically the exposure of NTLM v2 hashed passwords. Attackers can utilize these hashes in two ways: through offline brute-force attacks to crack user passwords without leaving network traces, or through authentication relay attacks to gain unauthorized access to the victim's intended server (SecurityOnline).
Microsoft released a patch for this vulnerability on December 12, 2023, categorizing it as 'important.' To protect against NTLM v2 attacks, organizations should enable SMB signing, block outgoing NTLM v2 authentication (available in Windows 11 build 25951 and later), and enforce Kerberos authentication where possible (SecurityOnline).
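As a detection aid alongside the patch, inbound mail can be screened for the two headers described above. The following is an added example, not code from the original report or from Microsoft; the allowlist, function names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: hosts your organisation legitimately uses for calendar sharing.
ALLOWED_HOSTS = {"sharing.corp.example"}

def config_url_host(value):
    """Return the lowercase host named in the header value, or None if unparseable."""
    v = value.strip().replace("\\", "/")   # tolerate backslash-style paths
    if "://" not in v:
        v = "//" + v.lstrip("/")           # tolerate values without a scheme
    try:
        host = urlsplit(v).hostname
    except ValueError:
        return None
    return host.lower() if host else None

def inspect_message(raw, allowed=ALLOWED_HOSTS):
    """Return a finding when both headers are present and the host is not allowlisted."""
    msg = message_from_string(raw)         # header lookups are case-insensitive
    config_url = msg.get("x-sharing-config-url")
    if msg.get("Content-Class") is None or config_url is None:
        return None
    host = config_url_host(config_url)
    if host in allowed:
        return None
    return {"message_id": msg.get("Message-ID"), "host": host,
            "header": config_url.strip()}

def scan(messages):
    return [f for f in map(inspect_message, messages) if f]

# Constructed sample messages (not real traffic).
SAMPLES = [
    "Message-ID: <1@mail.example>\nSubject: lunch\n\nhi\n",
    "Message-ID: <2@mail.example>\nContent-Class: constructed-value\n"
    "x-sharing-config-url: https://collector.example.net/cal\n\nbody\n",
    "Message-ID: <3@mail.example>\nCONTENT-CLASS: constructed-value\n"
    "X-Sharing-Config-Url: https://sharing.corp.example/cal\n\nbody\n",
    "Message-ID: <4@mail.example>\n"
    "x-sharing-config-url: https://collector.example.net/cal\n\nbody\n",
]

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(finding)
```

A header value with no parseable host is reported with `host` set to `None` rather than silently passed.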
Source: This report was generated using AI