Outlook Zero-Day Needs Quick Patching - Microsoft

28-Mar-23

Microsoft said earlier this month that between mid-April and December 2022, a zero-day vulnerability in Outlook, the company’s core email management programme, was exploited by the Russian hacking outfit Fancy Bear, also known as APT28. To help clients find IoCs linked to the vulnerability and reduce the attack surface, the business has offered more information and advice.

The CVE-2023-23397 privilege elevation/authentication bypass issue, with a CVSS score of 9.8, was initially reported in mid-March. Microsoft Office 2019, Microsoft Outlook 2016, and Microsoft Outlook 2013 are all affected, as are all supported versions of Microsoft Outlook for Windows.

Read More…