NEW ACTION1 PLATFORM: NOW WITH MACOS SUPPORT

This Wednesday | 12 PM EST / 11 AM CET

Action1 5 Blog 5 Microsoft Outlook Zero-Day Threat: Action1 solution

Microsoft Outlook Zero-Day Threat: Action1 solution

March 24, 2023

By Peter Barnett

Recently, Microsoft has recently identified a zero-day vulnerability, CVE-2023-23397, in its popular email client Outlook. The successful attack can be executed without any user interaction by sending a specially crafted email which triggers automatically when retrieved by Outlook from the email server. Fortunately, Microsoft has released a patch to fix this vulnerability. However, if you are using a Click-To-Run version of Microsoft Office, you may not receive this update via Microsoft Update.

Action1 Script to Update Microsoft Office Click-To-Run

Action1 has developed a script that can initiate the update to a Click-To-Run installation of Microsoft Office, including the update that addresses the Outlook vulnerability. This script is available in the Script Library of the Action1 platform.

Here’s how to use the script:

1. Log in to your Action1 account.
2. Navigate to the Script Library and locate the “Update Microsoft Office Click-To-Run” script.
3. Click on “Run Script” and select the endpoints that you want to update.
4. Sit back and relax while the script takes care of the rest.

With this script, you can ensure that your Click-To-Run version of Microsoft Office is up-to-date and protected from the recent Outlook vulnerability.

Microsoft Outlook Elevation of Privilege Vulnerability.

This vulnerability has been rated with a high risk score of 9.8 and affects all versions of Microsoft Outlook from 2013 onwards. Microsoft has confirmed that this vulnerability is already being exploited in the wild, making it critical for organizations to take immediate action to protect themselves.

The attack is executed when an Outlook instance running on a user machine retrieves a specially crafted email, without any user interaction. The exploit occurs even before the email is viewed in the Preview Pane. If the attack is successful, the attacker gains access to a user’s Net-NTLMv2 hash, which can be used to execute a pass-the-hash attack on another service and authenticate as the user. This attack can result in serious damage, including unauthorized access to sensitive information and resources.

To mitigate the risk, Microsoft has recommended updating Outlook to the latest version. However, if updating is not feasible, adding privileged users such as Domain Admins to the Protected Users Security Group can help prevent the use of NTLM as an authentication mechanism. Blocking TCP 445/SMB outbound from your network via perimeter firewalls, local firewalls, and VPN settings can also help prevent the sending of NTLM authentication messages to file shares on your network.

However, to ensure the highest level of security, the best course of action is to install the Microsoft update on all systems after testing it in a controlled environment. It is critical for organizations to take immediate action to protect themselves against this vulnerability.

See What You Can Do with Action1

 

Join our weekly LIVE demo “Patch Management That Just Works with Action1” to learn more

about Action1 features and use cases for your IT needs.

 

spiceworks logo
getapp logo review
software advice review
trustradius
g2 review
spiceworks logo

Related Posts