Microsoft recently patched a zero-day vulnerability in Microsoft Outlook that is under active exploitation. Identified as CVE-2023-23397, it could enable an attacker to perform a privilege escalation.
Security researchers are now warning that CVE-2023-23397 is dangerous enough to become the most far-reaching bug of the year. Since disclosure just a few days ago, more proof-of-concept (PoC) exploits have sprung onto the scene, which is sure to translate into snowballing criminal interest.
That is helped along by the fact that no user interaction is required for exploitation.
In fact, because of the way the exploit works, the attack could be launched before the victim sees the email, and the victim does not even need to open the message for the attack to work.
Patch now! Credit: Dark Reading