Disclosure of NTLM credentials by abuse of Microsoft Outlook vulnerability

16. March 2023

Microsoft has detected an abuse of vulnerability CVE-2023-23397, enabling the attacker to steal your Windows OS NTLM logging password hash value, using a message sent to an Outlook user’s address. The attacker can use the stolen password to logg in to other accounts connected via the services requiring NTLM authentication.

Microsoft Outlook versions not supporting NTLM authentication (Android, iOS, macOS and O365) are exempt from this vulnerability.

The National CERT strongly recommends that users of other Microsoft Outlook versions urgently run update of the product, downloading its latest version, and check for the signs of vulnerability abuse. In case the vulnerability is discovered, we advise concerned users to change their password for all services affected by the vulnerability and to report the attempts of abuse to the National CERT.





The website www.cert.rs uses cookies for improvement of user experience and website functionality. By continuing to browse this website, you agree to the use of cookies.