Announcement of the Government Commissioner for Cyber ​​Security!  A security vulnerability in the mail tool!

The government’s commissioner for cybersecurity has made a special announcement about a security hole in a popular email tool. Take care of your security on the Internet.

picture. Warsaw in a nutshell

Vulnerabilities, that is, bugs and security holes, also occur in commonly used products of major suppliers. Microsoft has published information about a critical (ie, widespread, exploitable) vulnerability in the Outlook on Windows app. It can lead to remote account takeover, without the user’s involvement.

The vulnerability has been actively used in attacks by a group affiliated with the Russian government since April 2022, including in Poland.
We recommend immediate action by administrators of all organizations whose users use email through the Microsoft Outlook client.

How it works?
The vulnerability allows you to take control of the user account in two ways. One method allows you to recover your password through a dictionary attack, which is one that uses trial and error to discover your login details. It is easier to carry out such an attack when we have a short password – then the number of combinations that need to be checked is smaller. The second method allows you to use the user’s session directly to sign in to other services of the organization.

It is enough for the victim to receive the appropriate email message to carry out the attack. No user action is required. The attack can be carried out remotely. The obtained domain password can be used to log in to other publicly available company services. If two-factor authentication is not used, this could lead to an attacker gaining access to the corporate network.

How do you defend yourself?
All versions of Microsoft Outlook for Windows are vulnerable. Android, iOS, or macOS versions are not affected. Nor are cloud services like Microsoft 365 vulnerable.

The first step for administrators to take is to update the application according to the instructions on the dedicated website: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397.

We also recommend that you familiarize yourself with the recommendations prepared by the CERT Polska team and available here: Exploiting Critical Microsoft Outlook Vulnerability (CVE-2023-23397) | CERT Poland

It should also be noted that the use of strong passwords will greatly hinder the use of vulnerabilities by cybercriminals. You can read about how these passwords are created here: Passwords | CERT Poland. Also an important recommendation is the use of two-factor authentication, particularly for services viewed on the Internet.

How can organizations verify their security?
Microsoft has released a tool that allows organizations to check whether users have received messages that allow for exploits. It is available to administrators here:

https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/.

If attempts to exploit the vulnerabilities are detected, it will be necessary to initiate an incident handling procedure and contact the appropriate CSIRT.

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

AliExpress has opened its center – Pabianice in Konstantynów Łódzki

AliExpress shipments from Konstantynów Łódzki will be delivered to Poland, but also…

13 reasons to apply for a disability certificate [Wzory, 30 września 2024 r.]

Persons with disabilities submit applications for extension of the validity of disability…

Benefits for anti-communist opposition activists have increased significantly. “Such miracles before the elections.”

Monthly cash benefits for anti-communist opposition activists have nearly tripled since Sept.…

The Health Inspection Directorate warns. Popular chips pulled from stores

The head of the health inspectorate warns against the popular cheese chips.…