cvelistv5 - CVE-2023-23397

CVE-2023-23397 (GCVE-0-2023-23397)

Vulnerability from cvelistv5

Published

2023-03-14 16:55

Modified

2025-10-21 23:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE

CWE-20 - Improper Input Validation

Summary

Microsoft Outlook Elevation of Privilege Vulnerability

References

URL

Tags

secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397	Patch, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397

Impacted products

Vendor

Product

Version

Microsoft

Microsoft Office LTSC 2021

Version: 16.0.1 < https://aka.ms/OfficeSecurityReleases

Microsoft	Microsoft Outlook 2016	Version: 16.0.0.0 < 16.0.5387.1000
Microsoft	Microsoft 365 Apps for Enterprise	Version: 16.0.1 < https://aka.ms/OfficeSecurityReleases
Microsoft	Microsoft Office 2019	Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases
Microsoft	Microsoft Outlook 2013 Service Pack 1	Version: 15.0.0.0 < 15.0.5537.1000

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2023-03-14

Due date: 2023-04-04

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/, ; https://nvd.nist.gov/vuln/detail/CVE-2023-23397

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:28:40.887Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Outlook Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-23397",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-21T18:47:26.732010Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-03-14",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:23.783Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-03-14T00:00:00+00:00",
            "value": "CVE-2023-23397 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Outlook 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5387.1000",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Outlook 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5537.1000",
              "status": "affected",
              "version": "15.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:x86:*:*",
                  "versionEndExcluding": "16.0.5387.1000",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "15.0.5537.1000",
                  "versionStartIncluding": "15.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-03-14T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Outlook Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T00:48:07.606Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Outlook Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
        }
      ],
      "title": "Microsoft Outlook Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-23397",
    "datePublished": "2023-03-14T16:55:28.168Z",
    "dateReserved": "2023-01-11T22:08:03.137Z",
    "dateUpdated": "2025-10-21T23:15:23.783Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-23397",
      "cwes": "[\"CWE-294\"]",
      "dateAdded": "2023-03-14",
      "dueDate": "2023-04-04",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/, ;  https://nvd.nist.gov/vuln/detail/CVE-2023-23397",
      "product": "Office",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Office Outlook Privilege Escalation Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-23397\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2023-03-14T17:15:13.263\",\"lastModified\":\"2025-10-22T00:18:15.660\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Outlook Elevation of Privilege Vulnerability\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2023-03-14\",\"cisaActionDue\":\"2023-04-04\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Microsoft Office Outlook Privilege Escalation Vulnerability\",\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-294\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"40C15EDD-98D4-4D06-BA06-21AE0F33C72D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF177984-A906-43FA-BF60-298133FBBD6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:-:*:*:*\",\"matchCriteriaId\":\"8D513A61-6427-4F85-AADF-99D6F223AF2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:*\",\"matchCriteriaId\":\"DDA98A76-D0D1-4BFA-BEAC-1C2313F7B859\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2B1657C-0FF4-461A-BE2A-641275C4B0A0\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397\", \"name\": \"Microsoft Outlook Elevation of Privilege Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:28:40.887Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-23397\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-21T18:47:26.732010Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-03-14\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-03-14T00:00:00+00:00\", \"value\": \"CVE-2023-23397 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T18:34:19.807Z\"}}], \"cna\": {\"title\": \"Microsoft Outlook Elevation of Privilege Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC 2021\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Outlook 2016\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0.0\", \"lessThan\": \"16.0.5387.1000\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft 365 Apps for Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\", \"32-bit Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"19.0.0\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\", \"32-bit Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Outlook 2013 Service Pack 1\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0.0.0\", \"lessThan\": \"15.0.5537.1000\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\", \"ARM64-based Systems\", \"32-bit Systems\"]}], \"datePublic\": \"2023-03-14T07:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397\", \"name\": \"Microsoft Outlook Elevation of Privilege Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Microsoft Outlook Elevation of Privilege Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"16.0.1\"}, {\"criteria\": \"cpe:2.3:a:microsoft:outlook:*:*:*:*:*:x86:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.5387.1000\", \"versionStartIncluding\": \"16.0.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"16.0.1\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"19.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:outlook:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"15.0.5537.1000\", \"versionStartIncluding\": \"15.0.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2025-01-01T00:48:07.606Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-23397\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:15:23.783Z\", \"dateReserved\": \"2023-01-11T22:08:03.137Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2023-03-14T16:55:28.168Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2023-23397

Vulnerability from fkie_nvd

Published

2023-03-14 17:15

Modified

2025-10-22 00:18

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Microsoft Outlook Elevation of Privilege Vulnerability

References

URL	Tags
secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397	Patch, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397

Impacted products

Vendor	Product	Version
microsoft	365_apps	-
microsoft	office	2019
microsoft	office_long_term_servicing_channel	2021
microsoft	outlook	2013
microsoft	outlook	2013
microsoft	outlook	2016

JSON

To clipboard

{
  "cisaActionDue": "2023-04-04",
  "cisaExploitAdd": "2023-03-14",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Microsoft Office Outlook Privilege Escalation Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:-:*:*:*",
              "matchCriteriaId": "8D513A61-6427-4F85-AADF-99D6F223AF2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "DDA98A76-D0D1-4BFA-BEAC-1C2313F7B859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B1657C-0FF4-461A-BE2A-641275C4B0A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Outlook Elevation of Privilege Vulnerability"
    }
  ],
  "id": "CVE-2023-23397",
  "lastModified": "2025-10-22T00:18:15.660",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-14T17:15:13.263",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-294"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2023-AVI-0231

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer un déni de service, une usurpation d'identité, une élévation de privilèges et une exécution de code à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office pour Android
Microsoft	Office	Microsoft Outlook 2016 (édition 32 bits)
Microsoft	Office	Microsoft Office LTSC 2021 pour éditions 64 bits
Microsoft	Office	Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft	Office	Microsoft Excel 2013 RT Service Pack 1
Microsoft	Office	Microsoft Office LTSC 2021 pour éditions 32 bits
Microsoft	Office	Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft	Office	Microsoft Office 2019 pour éditions 32 bits
Microsoft	Office	Microsoft Office 2019 pour Mac
Microsoft	Office	Microsoft Outlook 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Microsoft Office 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Office 2019 pour éditions 64 bits
Microsoft	Office	Microsoft Office LTSC pour Mac 2021
Microsoft	Office	Microsoft Excel 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Office 2013 RT Service Pack 1
Microsoft	Office	Microsoft Office pour Universal
Microsoft	Office	Microsoft Excel 2016 (édition 32 bits)
Microsoft	Office	Microsoft Outlook 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Excel 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Microsoft Office Online Server
Microsoft	Office	Microsoft SharePoint Server Subscription Edition
Microsoft	Office	Microsoft SharePoint Enterprise Server 2016
Microsoft	Office	Microsoft Office 2016 (édition 64 bits)
Microsoft	Office	Microsoft Outlook 2016 (édition 64 bits)
Microsoft	Office	Microsoft Excel 2016 (édition 64 bits)
Microsoft	Office	Microsoft Office 2016 (édition 32 bits)
Microsoft	Office	Microsoft SharePoint Server 2019
Microsoft	Office	Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft	Office	Microsoft Office 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Microsoft Outlook 2013 RT Service Pack 1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-23396 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24910 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23395 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23398 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23397 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23391 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23399 du 14 mars 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office pour Android",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Foundation 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps Server 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office LTSC pour Mac 2021",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office pour Universal",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Online Server",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server Subscription Edition",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2016",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2019",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-23397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23397"
    },
    {
      "name": "CVE-2023-23391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23391"
    },
    {
      "name": "CVE-2023-23395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23395"
    },
    {
      "name": "CVE-2023-23398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23398"
    },
    {
      "name": "CVE-2023-23396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23396"
    },
    {
      "name": "CVE-2023-23399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23399"
    },
    {
      "name": "CVE-2023-24910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24910"
    }
  ],
  "initial_release_date": "2023-03-15T00:00:00",
  "last_revision_date": "2023-03-15T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23396 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23396"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24910 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24910"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23395 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23395"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23398 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23397 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23391 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23391"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23399 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23399"
    }
  ],
  "reference": "CERTFR-2023-AVI-0231",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un d\u00e9ni de service, une usurpation d\u0027identit\u00e9, une\n\u00e9l\u00e9vation de privil\u00e8ges et une ex\u00e9cution de code \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

CERTFR-2023-AVI-0234

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une usurpation d'identité, une élévation de privilèges, une atteinte à la confidentialité des données, un contournement de la fonctionnalité de sécurité et une exécution de code à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	OneDrive pour Android
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.0
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.2
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.5
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 à 16.10)
Microsoft	N/A	Microsoft Malware Protection Engine
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour systèmes 32 bits
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.4
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft	N/A	OneDrive pour MacOS Installer
Microsoft	N/A	OneDrive pour iOS
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 à 15.8)
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour systèmes 64 bits

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-23946 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24920 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24891 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24919 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24882 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23398 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24879 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23397 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24890 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24921 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-22490 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23618 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24930 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23399 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-22743 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24923 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24922 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23389 du 14 mars 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OneDrive pour Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 \u00e0 16.10)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Malware Protection Engine",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "OneDrive pour MacOS Installer",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "OneDrive pour iOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 \u00e0 15.8)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-23946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23946"
    },
    {
      "name": "CVE-2023-23397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23397"
    },
    {
      "name": "CVE-2023-24930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24930"
    },
    {
      "name": "CVE-2023-23398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23398"
    },
    {
      "name": "CVE-2023-24923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24923"
    },
    {
      "name": "CVE-2023-22490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22490"
    },
    {
      "name": "CVE-2023-24891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24891"
    },
    {
      "name": "CVE-2023-24920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24920"
    },
    {
      "name": "CVE-2023-22743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22743"
    },
    {
      "name": "CVE-2023-23399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23399"
    },
    {
      "name": "CVE-2023-24890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24890"
    },
    {
      "name": "CVE-2023-24882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24882"
    },
    {
      "name": "CVE-2023-23618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23618"
    },
    {
      "name": "CVE-2023-24879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24879"
    },
    {
      "name": "CVE-2023-24919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24919"
    },
    {
      "name": "CVE-2023-23389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23389"
    },
    {
      "name": "CVE-2023-24921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24921"
    },
    {
      "name": "CVE-2023-24922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24922"
    }
  ],
  "initial_release_date": "2023-03-15T00:00:00",
  "last_revision_date": "2023-03-15T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23946 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23946"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24920 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24920"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24891 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24891"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24919 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24919"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24882 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24882"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23398 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24879 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24879"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23397 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24890 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24890"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24921 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24921"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-22490 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-22490"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23618 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23618"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24930 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24930"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23399 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23399"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-22743 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-22743"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24923 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24923"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24922 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24922"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23389 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23389"
    }
  ],
  "reference": "CERTFR-2023-AVI-0234",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une usurpation d\u0027identit\u00e9, une \u00e9l\u00e9vation de\nprivil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9 et une ex\u00e9cution de code\n\u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

gsd-2023-23397

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Microsoft Outlook Elevation of Privilege Vulnerability

Aliases

CVE-2023-23397

Aliases

CVE-2023-23397

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-23397",
    "id": "GSD-2023-23397"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-23397"
      ],
      "details": "Microsoft Outlook Elevation of Privilege Vulnerability",
      "id": "GSD-2023-23397",
      "modified": "2023-12-13T01:20:49.448973Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2023-23397",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Office LTSC 2021",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.0.1",
                          "version_value": "https://aka.ms/OfficeSecurityReleases"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Outlook 2016",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.0.0.0",
                          "version_value": "16.0.5387.1000"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft 365 Apps for Enterprise",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.0.1",
                          "version_value": "https://aka.ms/OfficeSecurityReleases"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Office 2019",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "19.0.0",
                          "version_value": "https://aka.ms/OfficeSecurityReleases"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Outlook 2013 Service Pack 1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.0.0.0",
                          "version_value": "15.0.5537.1000"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Outlook Elevation of Privilege Vulnerability"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Elevation of Privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397",
            "refsource": "MISC",
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2023-23397"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Outlook Elevation of Privilege Vulnerability"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-294"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-03-20T14:00Z",
      "publishedDate": "2023-03-14T17:15Z"
    }
  }
}

CERTFR-2023-ALE-002

Vulnerability from certfr_alerte

[mise à jour du 11 mai 2023] Possibilité de contournement du correctif proposé par l'éditeur par le biais de la CVE-2023-29324

[mise à jour du 20 avril 2023] clarification de la recommandation pour le filtrage du flux SMB

[mise à jour du 29 mars 2023] complément d'information et recommandation

En date du 14 mars 2023, lors de sa mise à jour mensuelle, Microsoft a indiqué l'existence d'une vulnérabilité CVE-2023-23397 affectant diverses versions du produit Outlook pour Windows qui permet à un attaquant de récupérer le condensat Net-NTLMv2 (new technology LAN manager).

Microsoft indique que cette vulnérabilité est activement exploitée dans le cadre d'attaques ciblées. Par ailleurs, le CERT-FR a connaissance d'une première preuve de concept publique (non encore qualifiée).

La vulnérabilité ne requiert pas d'intervention de l'utilisateur. Elle est déclenchée lorsqu'un attaquant envoie un message contenant un lien UNC (Universal Naming Convention) vers une ressource partagée en SMB hébergée sur un serveur qui serait sous contrôle de l'attaquant. Durant la connexion SMB au serveur malveillant, le message d’authentification NTLM pour la négociation de l'authentification est envoyé, l'attaquant peut ainsi le relayer auprès d'autres services supportant ce type d'authentification pour obtenir un accès valide.

L'éditeur indique que les version d'Outlook pour Android, iOS, Mac, mais aussi la version web et les services M365 ne sont pas vulnérables.

Microsoft a publié un code Powershell et une documentation permettant de vérifier si un système a été la cible d'une attaque. Le script remonte les courriels, tâches et invitations de calendrier pointant vers un partage potentiellement non-maîtrisé. Ces éléments doivent être passés en revue afin de déterminer leur légitimité et, dans le cas contraire, ils doivent faire l'objet d'une investigation (contrôler l'existence de connexions sortantes associées, lister les connexions réalisées à l'aide du compte utilisateur, etc.) pour prendre les mesures de remédiation appropriées.

[mise à jour du 20 avril 2023] Le 24 mars 2023, Microsoft a publié un guide d'investigation documentant les différents contrôles à mener et les indicateurs de compromission à chercher. Il convient de noter que ce guide apporte plusieurs éléments techniques qui sont également à prendre en compte :

Pour prévenir une exploitation menée par un attaquant utilisant une machine distante pour collecter les condensats Net-NTLMv2, il convient d'interdire les flux SMB en sortie du système d'information (TCP/445). Cette règle s'impose également aux postes nomades, dont les flux doivent être sécurisés (cf. les règles R16 à R18 du guide ANSSI pour le nomadisme numérique [2]).
La mise à jour de sécurité de Microsoft Exchange Server du mois de mars 2023 permet de prévenir l'exploitation de la vulnérabilité en supprimant automatiquement les courriels dont la propriété PidLidReminderFileParameter est définie. Ce correctif ne corrige pas la vulnérabilité intrinsèque au client Outlook mais empêche son exploitation.

[mise à jour du 11 mai 2023] Le 9 mai, Microsoft a publié un correctif pour une vulnérabilité dont l'identifiant est CVE-2023-29324. Cette vulnérabilité permet de continuer à exploiter la vulnérabilité CVE-2023-23397 avec un lien UNC spécialement construit par l'attaquant [3] si le correctif de sécurité de mars 2023 pour les serveurs Microsoft Exchange n'a pas été appliqué (cf. la mise à jour de l'alerte du 20 avril).

Afin de respecter le principe de défense en profondeur, le CERT-FR recommande d'appliquer la mise à jour de mai 2023 (correction de la vulnérabilité CVE-2023-29324).

Solution

Le CERT-FR recommande fortement d’appliquer la mise à jour fournie par Microsoft, se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

[mise à jour du 29 mars 2023] Le CERT-FR recommande fortement d'appliquer la mise à jour de sécurité de mars 2023 pour Microsoft Exchange Server.

[mise à jour du 29 mars 2023] Le CERT-FR recommande fortement d'appliquer les mises à jour de sécurité de mars et de mai 2023 pour Microsoft Exchange Server.

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office LTSC 2021 pour éditions 64 bits
Microsoft	Office	Microsoft Office LTSC 2021 pour éditions 32 bits
Microsoft	Office	Microsoft Office 2019 pour éditions 32 bits
Microsoft	N/A	Microsoft 365 Apps pour Entreprise pour systèmes 32 bits
Microsoft	N/A	Microsoft 365 Apps pour Entreprise pour systèmes 64 bits
Microsoft	N/A	Microsoft Outlook 2013 RT Service Pack 1
Microsoft	Office	Microsoft Office 2019 pour éditions 64 bits
Microsoft	N/A	Microsoft Outlook 2013 Service Pack 1 (éditions 64 bits)
Microsoft	N/A	Microsoft Outlook 2013 Service Pack 1 (éditions 32 bits)
Microsoft	N/A	Microsoft Outlook 2016 (édition 64 bits)
Microsoft	N/A	Microsoft Outlook 2016 (édition 32 bits)

References

Title

Publication Time

Tags

[1] Guide d'investigation Microsoft du 24 mars 2023	None	vendor-advisory
Bulletin de sécurité Microsoft du 14 mars 2023	None	vendor-advisory
Billet de blogue Microsoft du 14 mars 2023	None	vendor-advisory
[3] Billet de blog du découvreur de la CVE-2023-29324	-	other
Bulletin de sécurité Microsoft CVE-2023-23397 du 14 mars 2023	-	other
Documentation et code Powershell fournis par Microsoft pour l'identification de compromission	-	other
[2] Guide ANSSI pour le nomadisme numérique	-	other
Avis CERTFR-2023-AVI-0231 du 15 mars 2023	-	other
Les bons réflexes en cas d’intrusion sur un système d’information	-	other
Avis CERTFR-2023-AVI-0234 du 15 mars 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 365 Apps pour Entreprise pour syst\u00e8mes 32 bits",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 365 Apps pour Entreprise pour syst\u00e8mes 64 bits",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 RT Service Pack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2023-07-26",
  "content": "## Solution\n\nLe CERT-FR recommande fortement d\u2019appliquer la mise \u00e0 jour fournie par\nMicrosoft, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour\nl\u0027obtention des correctifs (cf. section Documentation).\n\n**\\[mise \u00e0 jour du 29 mars 2023\\]** Le CERT-FR recommande fortement\nd\u0027appliquer la mise \u00e0 jour de s\u00e9curit\u00e9 de mars 2023 pour Microsoft\nExchange Server.\n\n\u003cspan style=\"color: #ff0000;\"\u003e**\\[mise \u00e0 jour du 29 mars 2023\\]**\u003c/span\u003e\nLe CERT-FR recommande fortement d\u0027appliquer les mises \u00e0 jour de s\u00e9curit\u00e9\nde mars \u003cu\u003eet\u003c/u\u003e de mai 2023 pour Microsoft Exchange Server.\n",
  "cves": [
    {
      "name": "CVE-2023-23397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23397"
    },
    {
      "name": "CVE-2023-29324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29324"
    }
  ],
  "initial_release_date": "2023-03-15T00:00:00",
  "last_revision_date": "2023-05-11T00:00:00",
  "links": [
    {
      "title": "[3] Billet de blog du d\u00e9couvreur de la CVE-2023-29324",
      "url": "https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23397 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
    },
    {
      "title": "Documentation et code Powershell fournis par Microsoft pour l\u0027identification de compromission",
      "url": "https://aka.ms/CVE-2023-23397ScriptDoc"
    },
    {
      "title": "[2] Guide ANSSI pour le nomadisme num\u00e9rique",
      "url": "https://www.ssi.gouv.fr/guide/recommandations-sur-le-nomadisme-numerique/"
    },
    {
      "title": "Avis CERTFR-2023-AVI-0231 du 15 mars 2023",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0231/"
    },
    {
      "title": "Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information",
      "url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
    },
    {
      "title": "Avis CERTFR-2023-AVI-0234 du 15 mars 2023",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0234/"
    }
  ],
  "reference": "CERTFR-2023-ALE-002",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-15T00:00:00.000000"
    },
    {
      "description": "Clarifications mineures",
      "revision_date": "2023-03-16T00:00:00.000000"
    },
    {
      "description": "clarification de la recommadation pour le filtrage du flux SMB",
      "revision_date": "2023-04-20T00:00:00.000000"
    },
    {
      "description": "Ajout d\u0027informations concernant la vuln\u00e9rabilit\u00e9 CVE-2023-29324",
      "revision_date": "2023-05-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003e\\[mise \u00e0 jour du 11 mai 2023\\]\nPossibilit\u00e9 de contournement du correctif propos\u00e9 par l\u0027\u00e9diteur par le\nbiais de la CVE-2023-29324\u003c/strong\u003e\u003c/span\u003e\n\n\u003cstrong\u003e\\[mise \u00e0 jour du 20 avril 2023\\] clarification de la recommandation\npour le filtrage du flux SMB\u003c/strong\u003e\n\n\u003cstrong\u003e\\[mise \u00e0 jour du 29 mars 2023\\] compl\u00e9ment d\u0027information et\nrecommandation  \n\u003c/strong\u003e\n\nEn date du 14 mars 2023, \u003cspan class=\"mx_EventTile_body\" dir=\"auto\"\u003elors\nde sa mise \u00e0 jour mensuelle\u003c/span\u003e, Microsoft a indiqu\u00e9 l\u0027existence\nd\u0027une vuln\u00e9rabilit\u00e9 CVE-2023-23397 affectant diverses versions du\nproduit Outlook pour Windows qui permet \u00e0 un attaquant \u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003ede r\u00e9cup\u00e9rer le condensat\n\u003c/span\u003e*Net-NTLMv2* (*new technology LAN manager*).\n\nMicrosoft indique que cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e dans\nle cadre d\u0027attaques cibl\u00e9es. Par ailleurs, le CERT-FR a connaissance\nd\u0027une premi\u00e8re preuve de concept publique (non encore qualifi\u00e9e).\n\nLa vuln\u00e9rabilit\u00e9 ne requiert pas d\u0027intervention de l\u0027utilisateur. Elle\nest d\u00e9clench\u00e9e lorsqu\u0027un attaquant envoie un message contenant un\nlien\u00a0*UNC* (*Universal Naming Convention*) vers une ressource partag\u00e9e\nen *SMB* h\u00e9berg\u00e9e sur un serveur qui serait sous contr\u00f4le de\nl\u0027attaquant. Durant la connexion *SMB* au serveur malveillant, le \u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003emessage d\u2019authentification\u003c/span\u003e\n*NTLM* pour la n\u00e9gociation de l\u0027authentification est envoy\u00e9, l\u0027attaquant\npeut ainsi le relayer aupr\u00e8s d\u0027autres services supportant ce type\nd\u0027authentification pour obtenir un acc\u00e8s valide.\n\nL\u0027\u00e9diteur indique que les version d\u0027Outlook pour Android, iOS, Mac, mais\naussi la version web et les services M365 ne sont pas vuln\u00e9rables.\n\nMicrosoft a publi\u00e9 un code Powershell et une documentation permettant de\nv\u00e9rifier si un syst\u00e8me a \u00e9t\u00e9 la cible d\u0027une attaque. Le script remonte\nles courriels, t\u00e2ches et invitations de calendrier pointant vers un\npartage potentiellement non-ma\u00eetris\u00e9. Ces \u00e9l\u00e9ments doivent \u00eatre pass\u00e9s\nen revue afin de d\u00e9terminer leur l\u00e9gitimit\u00e9 et, dans le cas contraire,\nils doivent faire l\u0027objet d\u0027une investigation (contr\u00f4ler l\u0027existence de\nconnexions sortantes associ\u00e9es, lister les connexions r\u00e9alis\u00e9es \u00e0 l\u0027aide\ndu compte utilisateur, etc.) pour prendre les mesures de rem\u00e9diation\nappropri\u00e9es.\n\n\u003cstrong\u003e\\[mise \u00e0 jour du 20 avril 2023\\]\u003c/strong\u003e Le 24 mars 2023, Microsoft a publi\u00e9\nun guide d\u0027investigation documentant les diff\u00e9rents contr\u00f4les \u00e0 mener et\nles indicateurs de compromission \u00e0 chercher. Il convient de noter que ce\nguide apporte plusieurs \u00e9l\u00e9ments techniques qui sont \u00e9galement \u00e0 prendre\nen compte :\n\n-   Pour pr\u00e9venir une exploitation men\u00e9e par un attaquant utilisant une\n    machine distante pour collecter les condensats *Net-NTLMv2*, il\n    convient d\u0027interdire les flux *SMB* \u003cu\u003een sortie du syst\u00e8me\n    d\u0027information\u003c/u\u003e (TCP/445). Cette r\u00e8gle s\u0027impose \u00e9galement aux\n    postes nomades, dont les flux doivent \u00eatre s\u00e9curis\u00e9s (cf. les r\u00e8gles\n    R16 \u00e0 R18 du guide ANSSI pour le nomadisme num\u00e9rique \\[2\\]).\n-   \u003cspan class=\"mx_EventTile_body markdown-body\" dir=\"auto\"\u003eLa mise \u00e0\n    jour de s\u00e9curit\u00e9 de Microsoft Exchange Server du mois de mars 2023\n    permet de pr\u00e9venir l\u0027exploitation de la vuln\u00e9rabilit\u00e9 en supprimant\n    automatiquement les courriels dont la propri\u00e9t\u00e9\n    *PidLidReminderFileParameter* est d\u00e9finie. Ce correctif ne corrige\n    pas la vuln\u00e9rabilit\u00e9 intrins\u00e8que au client Outlook mais emp\u00eache son\n    exploitation.\u003c/span\u003e\n\n\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003e\\[mise \u00e0 jour du 11 mai 2023\\]\u003c/strong\u003e\n\u003c/span\u003eLe 9 mai, Microsoft a publi\u00e9 un correctif pour une vuln\u00e9rabilit\u00e9\ndont l\u0027identifiant est CVE-2023-29324. Cette vuln\u00e9rabilit\u00e9 permet de\ncontinuer \u00e0 exploiter la vuln\u00e9rabilit\u00e9 CVE-2023-23397 avec un lien *UNC*\nsp\u00e9cialement construit par l\u0027attaquant \\[3\\] si le correctif de s\u00e9curit\u00e9\nde mars 2023 pour les serveurs Microsoft Exchange n\u0027a pas \u00e9t\u00e9 appliqu\u00e9\n(cf. la mise \u00e0 jour de l\u0027alerte du 20 avril).\n\nAfin de respecter le principe de d\u00e9fense en profondeur, le CERT-FR\nrecommande d\u0027appliquer la mise \u00e0 jour de mai 2023 (correction de la\nvuln\u00e9rabilit\u00e9 CVE-2023-29324).\n\n\u003cspan style=\"color: #ff0000;\"\u003e\u00a0\u003c/span\u003e\n",
  "title": "[M\u00e0J] Vuln\u00e9rabilit\u00e9 dans Microsoft Outlook",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "[1] Guide d\u0027investigation Microsoft du 24 mars 2023",
      "url": "https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 mars 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Billet de blogue Microsoft du 14 mars 2023",
      "url": "https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/"
    }
  ]
}

ghsa-4778-q233-jmh5

Vulnerability from github

Published

2023-03-14 18:30

Modified

2025-10-22 00:32

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Microsoft Outlook Elevation of Privilege Vulnerability

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-23397"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-294"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-14T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Microsoft Outlook Elevation of Privilege Vulnerability",
  "id": "GHSA-4778-q233-jmh5",
  "modified": "2025-10-22T00:32:43Z",
  "published": "2023-03-14T18:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23397"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

msrc_cve-2023-23397

Vulnerability from csaf_microsoft

Published

2023-03-14 07:00

Modified

2023-03-21 07:00

Summary

Microsoft Outlook Elevation of Privilege Vulnerability

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action

Required. The vulnerability documented by this CVE requires customer action to resolve.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "CERT-UA, Microsoft Incident Response, Microsoft Threat Intelligence"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2023-23397 Microsoft Outlook Elevation of Privilege Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
      },
      {
        "category": "self",
        "summary": "CVE-2023-23397 Microsoft Outlook Elevation of Privilege Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/2023/msrc_cve-2023-23397.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft Outlook Elevation of Privilege Vulnerability",
    "tracking": {
      "current_release_date": "2023-03-21T07:00:00.000Z",
      "generator": {
        "date": "2025-01-01T00:47:47.529Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2023-23397",
      "initial_release_date": "2023-03-14T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-03-14T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2023-03-15T07:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Updated acknowledgment."
        },
        {
          "date": "2023-03-16T07:00:00.000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Removed the mitigation guidance which recommended disabling the web client service as it is not applicable."
        },
        {
          "date": "2023-03-21T07:00:00.000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Updated FAQ information. This is an informational change only."
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 32-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 32-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11953"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2021 for 32-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.5387.1000",
            "product": {
              "name": "Microsoft Outlook 2016 (32-bit edition) \u003c16.0.5387.1000",
              "product_id": "10"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.5387.1000",
            "product": {
              "name": "Microsoft Outlook 2016 (32-bit edition) 16.0.5387.1000",
              "product_id": "10765"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Outlook 2016 (32-bit edition)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 64-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 64-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11952"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2021 for 64-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems https://aka.ms/OfficeSecurityReleases",
              "product_id": "11763"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 64-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "5"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 64-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11574"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office 2019 for 64-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "4"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems https://aka.ms/OfficeSecurityReleases",
              "product_id": "11762"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 32-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "6"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 32-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11573"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office 2019 for 32-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c15.0.5537.1000",
            "product": {
              "name": "Microsoft Outlook 2013 Service Pack 1 (64-bit editions) \u003c15.0.5537.1000",
              "product_id": "7"
            }
          },
          {
            "category": "product_version",
            "name": "15.0.5537.1000",
            "product": {
              "name": "Microsoft Outlook 2013 Service Pack 1 (64-bit editions) 15.0.5537.1000",
              "product_id": "10811"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Outlook 2013 Service Pack 1 (64-bit editions)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c15.0.5537.1000",
            "product": {
              "name": "Microsoft Outlook 2013 RT Service Pack 1 \u003c15.0.5537.1000",
              "product_id": "11"
            }
          },
          {
            "category": "product_version",
            "name": "15.0.5537.1000",
            "product": {
              "name": "Microsoft Outlook 2013 RT Service Pack 1 15.0.5537.1000",
              "product_id": "10407"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Outlook 2013 RT Service Pack 1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c15.0.5537.1000",
            "product": {
              "name": "Microsoft Outlook 2013 Service Pack 1 (32-bit editions) \u003c15.0.5537.1000",
              "product_id": "8"
            }
          },
          {
            "category": "product_version",
            "name": "15.0.5537.1000",
            "product": {
              "name": "Microsoft Outlook 2013 Service Pack 1 (32-bit editions) 15.0.5537.1000",
              "product_id": "10810"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Outlook 2013 Service Pack 1 (32-bit editions)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.5387.1000",
            "product": {
              "name": "Microsoft Outlook 2016 (64-bit edition) \u003c16.0.5387.1000",
              "product_id": "9"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.5387.1000",
            "product": {
              "name": "Microsoft Outlook 2016 (64-bit edition) 16.0.5387.1000",
              "product_id": "10766"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Outlook 2016 (64-bit edition)"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-23397",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "An attacker who successfully exploited this vulnerability could access a user\u0027s Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.",
          "title": "According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability?"
        },
        {
          "category": "faq",
          "text": "The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.",
          "title": "Is the Preview Pane an attack vector for this vulnerability?"
        },
        {
          "category": "faq",
          "text": "External attackers could send specially crafted emails that will cause a connection from the victim to an untrusted\u00a0location of attackers\u0027 control. This will leak the Net-NTLMv2 hash of the victim to the untrusted network which an attacker can then relay to another service and authenticate as the victim.",
          "title": "How could an attacker exploit this vulnerability?"
        },
        {
          "category": "faq",
          "text": "Download Mitigating Pass the Hash (PtH) Attacks and Other Credential Theft, Version 1 and 2.  This document discusses Pass-the-Hash (PtH) attacks against the Windows operating systems and provides holistic planning strategies that, when combined with the Windows security features, will provide a more effective defense against pass-the-hash attacks.",
          "title": "Where can I find more information about NTLM relay attacks?"
        },
        {
          "category": "faq",
          "text": "Please see the MSRC Blog Post relating to this vulnerability here: Microsoft Mitigates Outlook Elevation of Privilege Vulnerability.",
          "title": "Where can I find more information?"
        }
      ],
      "product_status": {
        "fixed": [
          "10407",
          "10765",
          "10766",
          "10810",
          "10811",
          "11573",
          "11574",
          "11762",
          "11763",
          "11952",
          "11953"
        ],
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-23397 Microsoft Outlook Elevation of Privilege Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
        },
        {
          "category": "self",
          "summary": "CVE-2023-23397 Microsoft Outlook Elevation of Privilege Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-14T07:00:00.000Z",
          "details": "https://aka.ms/OfficeSecurityReleases:Security Update:https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates",
          "product_ids": [
            "1",
            "2",
            "3",
            "5",
            "4",
            "6"
          ],
          "url": "https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates"
        },
        {
          "category": "vendor_fix",
          "date": "2023-03-14T07:00:00.000Z",
          "details": "16.0.5387.1000:Security Update:https://support.microsoft.com/help/5002254",
          "product_ids": [
            "10"
          ],
          "url": "https://support.microsoft.com/help/5002254"
        },
        {
          "category": "vendor_fix",
          "date": "2023-03-14T07:00:00.000Z",
          "details": "15.0.5537.1000:Security Update:https://support.microsoft.com/help/5002265",
          "product_ids": [
            "7"
          ],
          "url": "https://support.microsoft.com/help/5002265"
        },
        {
          "category": "vendor_fix",
          "date": "2023-03-14T07:00:00.000Z",
          "details": "15.0.5537.1000:Security Update:https://support.microsoft.com/help/5002265",
          "product_ids": [
            "11"
          ],
          "url": "https://support.microsoft.com/help/5002265"
        },
        {
          "category": "vendor_fix",
          "date": "2023-03-14T07:00:00.000Z",
          "details": "15.0.5537.1000:Security Update:https://support.microsoft.com/help/5002265",
          "product_ids": [
            "8"
          ],
          "url": "https://support.microsoft.com/help/5002265"
        },
        {
          "category": "vendor_fix",
          "date": "2023-03-14T07:00:00.000Z",
          "details": "16.0.5387.1000:Security Update:https://support.microsoft.com/help/5002254",
          "product_ids": [
            "9"
          ],
          "url": "https://support.microsoft.com/help/5002254"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "FUNCTIONAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 9.1,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Elevation of Privilege"
        },
        {
          "category": "exploit_status",
          "details": "Exploited:Yes;Latest Software Release:Exploitation Detected"
        }
      ],
      "title": "Microsoft Outlook Elevation of Privilege Vulnerability"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-23397 (GCVE-0-2023-23397)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

fkie_cve-2023-23397

Vulnerability from fkie_nvd

CERTFR-2023-AVI-0231

Vulnerability from certfr_avis

Solution

CERTFR-2023-AVI-0234

Vulnerability from certfr_avis

Solution

gsd-2023-23397

Vulnerability from gsd

CERTFR-2023-ALE-002

Vulnerability from certfr_alerte

Solution

ghsa-4778-q233-jmh5

Vulnerability from github

msrc_cve-2023-23397

Vulnerability from csaf_microsoft

Tags

Sightings

Nomenclature