Outlook | Breaking Cybersecurity News | The Hacker News

A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file. The issue, tracked as CVE-2023-35636 (CVSS score: 6.5), was addressed by the tech giant as part of its  Patch Tuesday updates  for December 2023. "In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file," Microsoft  said  in an advisory released last month. "In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability." Put differently, the adversary would have to convince users to click a link, either embedded in a phishing email or sent via an instant message, and then deceive them into opening the file in question. CVE-202

Technical details have emerged about two now-patched security flaws in Microsoft Windows that could be chained by threat actors to achieve remote code execution on the Outlook email service sans any user interaction. "An attacker on the internet can chain the vulnerabilities together to create a full, zero-click remote code execution (RCE) exploit against Outlook clients," Akamai security researcher Ben Barnea, who discovered the vulnerabilities, said in a  two-part   report  shared with The Hacker News. The security issues, which were addressed by Microsoft in  August  and  October 2023 , respectively, are listed below - CVE-2023-35384  (CVSS score: 5.4) - Windows HTML Platforms Security Feature Bypass Vulnerability CVE-2023-36710  (CVSS score: 7.8) - Windows Media Foundation Core Remote Code Execution Vulnerability CVE-2023-35384 has been described by Akamai as a bypass for a critical security flaw that Microsoft patched in March 2023. Tracked as  CVE-2023-23397  (C

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a now-patched critical security flaw in its Outlook email service to gain unauthorized access to victims' accounts within Exchange servers. The tech giant  attributed  the intrusions to a threat actor it called  Forest Blizzard  (formerly Strontium), which is also widely tracked under the monikers APT28, BlueDelta, Fancy Bear, FROZENLAKE, Iron Twilight, Sednit, Sofacy, and TA422. The security vulnerability in question is  CVE-2023-23397  (CVSS score: 9.8), a critical privilege escalation bug that could allow an adversary to access a user's Net-NTLMv2 hash that could then be used to conduct a relay attack against another service to authenticate as the user. It was patched by Microsoft in March 2023. The goal, according to the Polish Cyber Command (DKWOC), is to obtain unauthorized access to mailboxes belonging to public and private entities in the country. "In the next stage of malici

Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the  critical flaw  relates to a case of privilege escalation that could be exploited to steal NT LAN Manager (NTLM) hashes and stage a  relay attack  without requiring any user interaction. "External attackers could send specially crafted emails that will cause a connection from the victim to an untrusted location of attackers' control," the company  noted  in an advisory released this month. "This will leak the  Net-NTLMv2 hash  of the victim to the untrusted network which an attacker can then relay to another service and authenticate as the victim." The vulnerability was resolved by Microsoft as part of its  Patch Tuesday updates  for March 2023, but not before Russia-based threat actors weaponized the flaw in attacks targeting government, transportation, en

Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of  80 security flaws , two of which have come under active exploitation in the wild. Eight of the 80 bugs are rated Critical, 71 are rated Important, and one is rated Moderate in severity. The updates are in  addition to 29 flaws  the tech giant fixed in its Chromium-based Edge browser in recent weeks. The two vulnerabilities that have come under active attack include a Microsoft Outlook privilege escalation flaw ( CVE-2023-23397 , CVSS score: 9.8) and a Windows SmartScreen security feature bypass ( CVE-2023-24880 , CVSS score: 5.1). CVE-2023-23397 is "triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB (TCP 445) share on a threat actor-controlled server," Microsoft  said  in a standalone advisory. A threat actor could leverage this flaw by sending a specially crafted email, activating it automatically when it is retrieved and pr