Microsoft Outlook Credential Theft
March 20th 2023
Microsoft and the Government of Canada have both published notices about malicious code that auto-executes as soon as it lands in Outlook’s inbox. It doesn’t require a click. This code steals saved credentials stored in Outlook, giving hijackers O365 access.
Government of Canada Notice:
https://www.cyber.gc.ca/en/alerts-advisories/microsoft-outlook-zero-day-vulnerability-allowing-ntlm-credential-theft
Microsoft Notice:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397
If email credentials are stolen, the issue could be much larger when the email is running on Office 365, as it could open the door to unauthorized access to OneDrive, SharePoint or potentially the Microsoft tenant if the compromised user happens to be the tenant administrator.
To mitigate this exploit, port 445 on your router or firewall needs to be blocked as this exploit uses it to communicate the stolen credentials. Then perform a Windows update to version 22H2 for Windows 10 or Windows 11.
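One way to confirm the port 445 block is holding is to look for outbound SMB connections to addresses outside your own network. The script below is an added example, not taken from the Microsoft or Government of Canada notices; it parses Windows `netstat -n` output, and the internal address ranges and sample rows are constructed assumptions.

```python
import ipaddress

# Ranges treated as internal (assumption: adjust to match your network).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
SMB_PORT = 445

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (ip, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]
    return ipaddress.ip_address(host), int(port)

def is_internal(ip):
    """True if the address falls inside one of INTERNAL_NETS."""
    return any(ip in net for net in INTERNAL_NETS)

def external_smb_connections(netstat_text):
    """Return (local, remote, state) for TCP rows going to port 445 off-network."""
    hits = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0].upper() != "TCP":
            continue  # headers, UDP rows, blank lines
        try:
            ip, port = split_endpoint(parts[2])
        except ValueError:
            continue  # unparseable foreign address such as '*:*'
        if port == SMB_PORT and not is_internal(ip):
            hits.append((parts[1], parts[2], parts[3]))
    return hits

# Constructed sample of `netstat -n` output (documentation addresses only).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:49712     192.168.1.5:445        ESTABLISHED
  TCP    192.168.1.20:49733     203.0.113.45:445       SYN_SENT
  TCP    192.168.1.20:49750     198.51.100.7:443       ESTABLISHED
  TCP    [fe80::1c2%12]:49801   [fe80::9a1%12]:445     ESTABLISHED
  TCP    [2001:db8::20]:49802   [2001:db8:ffff::5]:445 ESTABLISHED
"""

if __name__ == "__main__":
    for local, remote, state in external_smb_connections(SAMPLE):
        print(f"outbound SMB to external host: {local} -> {remote} ({state})")
```

On a workstation, pass the real output of `netstat -n` in place of `SAMPLE`; an ESTABLISHED row returned after the firewall change means port 445 traffic is still leaving the network on that path.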
Should you have any questions, please feel free to reach out at 403.280.7224 or at info@psicorpgroup.com.
For existing clients of PSICORP, we will be reaching out to you to address this issue. Thank you.