- Aug 17, 2017
Microsoft yesterday released a patch for the security flaw but it has been exploited as a zero-day vulnerability in NTLM-relay attacks since at least mid-April 2022.The issue is a privilege escalation vulnerability with a 9.8 severity rating that affects all versions of Microsoft Outlook on Windows. An attacker can use it to steal NTLM credentials by simply sending the target a malicious email. No user interaction is needed as exploitation occurs when Outlook is open and the remainder is triggered on the system.
Security researchers have shared technical details for exploiting a critical Microsoft Outlook vulnerability for Windows (CVE-2023-23397) that allows hackers to remotely steal hashed passwords by simply receiving an email.