Microsoft has also released an audit tool to help businesses determine if there was a breach. For now, you should also limit using the New Technology LAN Manager (NTLM).Ĭompanies can also block outbound SMB traffic over port 445. The first step is to install the latest security update for Microsoft Outlook. Malicious email, it automatically starts the process remotely. The victim doesn’t even have to do anything for this to happen. This can expose login credentials, which the hacker can use for unauthorized access. The victim's computer then loads the notification sound from a server controlled by the threat actor. The problem is that the audio file is on a remote server.Ĭybercriminals can send malicious emails posing as calendar invites. The flaw comes from a Microsoft Outlook feature that allows users to customize their However, Outlook on the web, Android, iOS, Mac, and Microsoft 365 services are unaffected. The CVE-2023-2339 flaw affects all supported Windows Outlook versions. It could let hackers steal sensitive information from user accounts and send malicious emails as if they were the user. This flaw, CVE-2023-2339, is a zero-click vulnerability. Microsoft recently fixed a serious security flaw in Outlook that scored a 9.8 on the Common Vulnerability Scoring System.
0 Comments
Leave a Reply. |