Скачать или смотреть HOW HACKERS ARE STEALING YOUR MICROSOFT PASSWORDS

CVE-2023-23397, or the Outlook NTML Leak, was patched on March 14, 2023. This exploit impacted all versions of Outlook desktop app in Windows. The biggest danger involved in this exploit was the zero-click trigger that occurred when an infected email arrived in a user's inbox.

The attack works by including a reference to a sound file in a network share in the attacker's machine. This is achieved by changing the PidLidReminderOverride to true which takes on hierarchy over the victim's default reminder configurations and reaching out for the attacker's UNC path instead of a local file.

When the victim's malicious email sets off the appointment reminder, the UNC path directs their machine to the SMB share which triggers the vulnerability and initiates the NTLM authentication against the attacker's machine, leaking the victim's Net-NTLMv2 hash.

Microsoft has released recommended steps to avoid the CVE-2023-23397 attack. These steps include the following:
1. Add users to the Protected Users Security Group, preventing the use of NTLM as a form of authentication
2. Block TCP 445/SMB outbound from network to avoid post-exploitation connection
3. Use their PowerShell script to scan against the Exchange server to detect any attack attempt
4. Disable WebClient service to avoid webdav connection

#shorts #cybersecurity #outlook #emailsecurity