Vulnerability Details : CVE-2023-23397
Microsoft Outlook Elevation of Privilege Vulnerability
Vulnerability category: Gain privilege
CVE-2023-23397 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft Office Outlook Privilege Escalation Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.
Notes:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/, ; https://nvd.nist.gov/vuln/detail/CVE-2023-23397
Added on
2023-03-14
Action due date
2023-04-04
Exploit prediction scoring system (EPSS) score for CVE-2023-23397
86.73%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less