Microsoft Outlook Credential Theft

March 20th 2023
Microsoft and the Government of Canada have each released a notice regarding malicious code that auto-executes as soon as it lands in Outlook's inbox. It doesn't require a click. This code steals saved credentials stored in Outlook, giving hijackers O365 access.
 
Government of Canada Notice:
https://www.cyber.gc.ca/en/alerts-advisories/microsoft-outlook-zero-day-vulnerability-allowing-ntlm-credential-theft
 
Microsoft Notice:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397
 
In the event that email credentials are stolen, it could be a much larger issue if the email is running on Office 365, as it could open the door to unauthorized access to OneDrive, SharePoint, or potentially the Microsoft tenant if the compromised user happens to be the tenant administrator.
 
To mitigate this exploit, port 445 on your router or firewall needs to be blocked as this exploit uses it to communicate the stolen credentials.  Then perform a Windows update to version 22H2 for Windows 10 or Windows 11.
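
One way to confirm that the port 445 block is holding is to review firewall logs for outbound connections on that port to addresses outside your network. The script below is an added example, not part of the Microsoft or Government of Canada notices. It assumes the Windows Defender Firewall text log layout with a `#Fields:` header, treats the listed private ranges as "internal", and runs on constructed sample lines.

```python
import ipaddress

# Assumption: these ranges count as "internal"; adjust to your own network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# Constructed sample in the Windows Defender Firewall log layout.
# Addresses are private or documentation ranges, not real indicators.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2023-03-20 09:14:02 ALLOW TCP 192.168.1.25 192.168.1.10 50111 445 0 - 0 0 0 - - - SEND
2023-03-20 09:14:07 ALLOW TCP 192.168.1.25 203.0.113.7 50123 445 0 - 0 0 0 - - - SEND
2023-03-20 09:15:30 DROP TCP 192.168.1.31 198.51.100.20 50200 445 0 - 0 0 0 - - - SEND
2023-03-20 09:16:00 ALLOW TCP 192.168.1.25 203.0.113.7 50124 443 0 - 0 0 0 - - - SEND
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on "-" or garbage
    return any(addr in net for net in INTERNAL_NETS)

def external_smb(log_text):
    """Return log records for TCP/445 from an internal host to an external one."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log itself
            continue
        if not fields or not line.strip() or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("protocol") != "TCP" or rec.get("dst-port") != "445":
            continue
        try:
            outbound = is_internal(rec["src-ip"]) and not is_internal(rec["dst-ip"])
        except (KeyError, ValueError):
            continue  # malformed or truncated line
        if outbound:
            hits.append(rec)
    return hits

def still_allowed(log_text):
    """Outbound SMB that the firewall let through: the block is not effective."""
    return [h for h in external_smb(log_text) if h["action"] == "ALLOW"]

if __name__ == "__main__":
    for h in still_allowed(SAMPLE_LOG):
        print(h["date"], h["time"], h["src-ip"], "->", h["dst-ip"], "port 445 ALLOWED")
```

Any `ALLOW` entry it reports means a workstation reached an outside address on port 445 and the firewall rule needs attention; `DROP` entries show the block working but still identify which machine attempted the connection.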
 
Should you have any questions, please feel free to reach out at 403.280.7224 or at info@psicorpgroup.com.
 
For existing clients of PSICORP, we will be reaching out to you to address this issue.  Thank you.