|
|
|
|
|
|
by jenoer
1190 days ago
|
|
|
This is a pretty big one (9.8). > The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane. > External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers' control. This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim. Microsoft has released a script to check for abuse:
https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-2... |
|
|