Announcement of the Government Commissioner for Cybersecurity: a security vulnerability in an email tool

The government’s commissioner for cybersecurity has made a special announcement about a security hole in a popular email tool. Take care of your security on the Internet.


Vulnerabilities, that is, bugs and security holes, also occur in commonly used products of major suppliers. Microsoft has published information about a critical (i.e., widespread, exploitable) vulnerability in the Outlook for Windows application. It can lead to remote account takeover without the user's involvement.

The vulnerability has been actively exploited in attacks by a group affiliated with the Russian government since April 2022, including in Poland.
We recommend immediate action by administrators of all organizations whose users use email through the Microsoft Outlook client.

How does it work?
The vulnerability allows an attacker to take control of a user account in two ways. The first method allows the password to be recovered through a dictionary attack, that is, an attack that uses trial and error to discover login details. Such an attack is easier to carry out against a short password, because the number of combinations that need to be checked is smaller. The second method allows the attacker to use the user's session directly to sign in to other services of the organization.

For the attack to be carried out, it is enough for the victim to receive a suitably crafted email message. No user action is required, and the attack can be carried out remotely. The obtained domain password can be used to log in to other publicly available company services. If two-factor authentication is not used, this could lead to an attacker gaining access to the corporate network.

How do you defend yourself?
All versions of Microsoft Outlook for Windows are vulnerable. The Android, iOS and macOS versions are not affected, nor are cloud services such as Microsoft 365.

The first step for administrators to take is to update the application according to the instructions on the dedicated website: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397.

We also recommend that you familiarize yourself with the recommendations prepared by the CERT Polska team, available in the article "Exploiting Critical Microsoft Outlook Vulnerability (CVE-2023-23397)" on the CERT Polska website.

It should also be noted that using strong passwords makes it much harder for cybercriminals to exploit the vulnerability. You can read about how to create such passwords in the "Passwords" article on the CERT Polska website. Another important recommendation is the use of two-factor authentication, particularly for services accessible from the Internet.

How can organizations verify their security?
Microsoft has released a tool that allows organizations to check whether users have received messages that allow the vulnerability to be exploited. It is available to administrators here:

https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/

If attempts to exploit the vulnerability are detected, it will be necessary to initiate an incident handling procedure and contact the appropriate CSIRT.
