Microsoft updates fix for Outlook vulnerability

By Owen May 16, 2023 Technology 0 Comments

Microsoft has patched a brand new zero-click vulnerability in Outlook. It had arisen after closing an earlier leak within the e-mail utility.

The brand new zero-click vulnerability in Outlook, codenamed CVE-2023-29324, affected all supported Home windows variations and was found by Ben Barnea, safety researcher at Akamai. “All Home windows variations are affected by this vulnerability and by extension all shopper variations of Outlook on Home windows,” mentioned Barnea on the weblog from the corporate.

The unique vulnerability (CVE-2023-23397) was patched in March. It involved an escalation of entry privileges within the shopper model of Outlook. Attackers may steal NTLM hashes by way of a cyber assault with out consumer interplay (therefore the time period zero-click, ed.). Particularly, hackers may ship messages with prolonged MAPI properties containing UNC paths to customized notification sounds. Consequently, the Outlook shopper then related to the hackers’ SMB shares.

Microsoft closes leak once more

Microsoft patched the vulnerability by including a MapUrlToZone command in order that the UNC paths may not hyperlink to Web URLs. Customized sounds from on-line sources had been additionally routinely changed with default sounds.

The newest vulnerability was in reminders. These messages might be modified, in order that the MapUrlToZone might be tricked into mistaking distant paths for native paths. That bypassed the unique resolution and nonetheless gave hackers entry. “The difficulty seems to be because of a fancy path construction in Home windows,” mentioned Barnea. Microsoft warns now that clients want to put in the updates to patch each leaks.

Microsoft knowledgeable Bleeping Pc that the vulnerability was exploited by Russian state hackers, also called STRONTIUM, Sednit, Sofacy or Fancy Bear. They carried out assaults on at the least 14 targets final yr, together with governments, the army, power suppliers and transport organizations. Microsoft has one script launched that permits Change admins to test if their servers have been compromised.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Microsoft closes leak once more

Related Posts