During this month’s patch releases from Microsoft, our experts have noted that there is a critical vulnerability that has been publicly disclosed prior to a patch being available. This vulnerability impacts Microsoft Outlook and requires zero user interaction to exploit.
CVE-2023-23397 – CVSS Score 9.8 – Critical
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
This represents a significant threat and the vulnerability has been attributed to a Russian-backed threat actor. Due to the nature of this vulnerability, taking swift action is of paramount importance to protect your environment. Please see below the following steps for remediation, as well as additional steps that Transparity Cyber are taking to establish any signs of compromise in our customers’ environment.
There is a patch available that addresses this vulnerability which is delivered in the latest Microsoft Office updates. For Windows, Microsoft Office click-to-run installs should be configured for automatic updates, so your environment should receive these patches over the coming days, however, due to the severity, Transparity Cyber recommend the additional steps:
Note: If you do not use Microsoft Office click-to-run and instead deploy and manage Microsoft Office via an MSI install, or you deploy office to a non-windows platform please contact us for further guidance as the update process may differ.
Microsoft have released a script to check Microsoft Exchange servers and Microsoft Exchange online for exposure to any compromise as a result of this vulnerability. Transparity will be running this across customers and will report back with the results.
