The government’s commissioner for cybersecurity has made a special announcement about a security hole in a popular email tool. Take care of your security on the Internet.
Vulnerabilities, that is, bugs and security holes, also occur in widely used products from major vendors. Microsoft has published information about a critical (i.e. widespread and exploitable) vulnerability in the Outlook application for Windows. It can lead to remote account takeover without any involvement of the user.
The vulnerability has been actively used in attacks by a group affiliated with the Russian government since April 2022, including in Poland.
We recommend immediate action by administrators of all organizations whose users use email through the Microsoft Outlook client.
How does it work?
The vulnerability allows an attacker to take control of a user account in two ways. The first is to recover the user’s password through a dictionary attack, that is, trial-and-error guessing of the login credentials. Such an attack is easier against a short password, because fewer combinations need to be checked. The second is to use the user’s session directly to sign in to other services of the organization.
For the attack to succeed, it is enough that the victim receives a specially crafted email message; no user action is required, and the attack can be carried out remotely. The obtained domain password can then be used to log in to other publicly accessible company services. If two-factor authentication is not in use, this can give the attacker access to the corporate network.
How do you defend yourself?
All versions of Microsoft Outlook for Windows are vulnerable. The Android, iOS and macOS versions are not affected, and neither are cloud services such as Microsoft 365.
The first step for administrators to take is to update the application according to the instructions on the dedicated website: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397.
We also recommend that you familiarize yourself with the recommendations prepared by the CERT Polska team and available here: Exploiting Critical Microsoft Outlook Vulnerability (CVE-2023-23397) | CERT Poland
Note also that strong passwords greatly hinder exploitation of this vulnerability by cybercriminals. You can read about how such passwords are created here: Passwords | CERT Poland. Another important recommendation is to use two-factor authentication, particularly for services accessible from the Internet.
How can organizations verify their security?
Microsoft has released a tool that allows organizations to check whether their users have received messages that attempt to exploit the vulnerability. It is available to administrators here:
https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/.
If attempts to exploit the vulnerability are detected, an incident handling procedure should be initiated and the appropriate CSIRT contacted.
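The Microsoft tool linked above inspects mailbox items for a reminder-sound property that carries a UNC path, since that is what causes Outlook to authenticate to a remote host. As an added example, not code from this advisory or from Microsoft, the following triage logic applies the same idea to already-exported values; the record format, the sample data and the trusted domain suffix are constructed assumptions.

```python
import re
from typing import Iterable, NamedTuple, Optional, Sequence, Tuple

class Finding(NamedTuple):
    mailbox: str
    item_id: str
    path: str
    host: str
    severity: str

# Constructed sample records (mailbox, item id, reminder sound path); the shape
# of these records is an assumption, not the Microsoft tool's output format.
SAMPLE_ITEMS = [
    ("alice@example.com", "item-001", None),                               # no custom sound
    ("alice@example.com", "item-002", r"C:\Windows\Media\reminder.wav"),   # local file, benign
    ("bob@example.com",   "item-003", r"\\203.0.113.10\share\alert.wav"),  # external host
    ("bob@example.com",   "item-004", r"\\FILESERVER.corp.example.com\media\ding.wav"),  # internal share
]

# Assumed domain suffixes the organization treats as internal.
TRUSTED_SUFFIXES = ("corp.example.com",)

# A UNC path looks like \\host\share\...; capture the host part.
UNC_RE = re.compile(r"^\\\\([^\\]+)\\")

def unc_host(path: Optional[str]) -> Optional[str]:
    """Return the lower-cased host of a UNC path, or None if the value is not a UNC path."""
    if not path:
        return None
    m = UNC_RE.match(path.strip())
    return m.group(1).lower() if m else None

def classify(path: Optional[str], trusted: Sequence[str] = TRUSTED_SUFFIXES) -> Optional[str]:
    """Severity of a reminder sound path: None (benign), 'medium' (internal UNC), 'high' (external UNC)."""
    host = unc_host(path)
    if host is None:
        return None  # empty or local path: Outlook does not authenticate anywhere
    if any(host == s or host.endswith("." + s) for s in trusted):
        return "medium"  # internal share: still unusual for a reminder sound, review it
    return "high"  # external host: credentials would leave the organization

def scan(items: Iterable[Tuple[str, str, Optional[str]]], trusted: Sequence[str] = TRUSTED_SUFFIXES) -> list:
    """Return a Finding for every item whose reminder path is a UNC path."""
    findings = []
    for mailbox, item_id, path in items:
        severity = classify(path, trusted)
        if severity is not None:
            findings.append(Finding(mailbox, item_id, path, unc_host(path), severity))
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_ITEMS):
        print(f"{f.severity.upper():6} {f.mailbox} {f.item_id} -> {f.host} ({f.path})")
```

Every "high" finding should be treated as an exploitation attempt and handed to incident response, as the advisory recommends.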