Vulnerability-Lookup

CVE-2023-23397 (GCVE-0-2023-23397)

Vulnerability from cvelistv5 – Published: 2023-03-14 16:55 – Updated: 2025-10-21 23:15

CISA KEV KEVintel KEV

Title

Microsoft Outlook Elevation of Privilege Vulnerability

Summary

Microsoft Outlook Elevation of Privilege Vulnerability

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

SSVC

Exploitation: active Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

microsoft

References

2 references

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory
https://www.cisa.gov/known-exploited-vulnerabilit…	government-resource

Impacted products

5 products

Vendor	Product	Version
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Outlook 2016	Affected: 16.0.0.0 , < 16.0.5387.1000 (custom)
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Outlook 2013 Service Pack 1	Affected: 15.0.0.0 , < 15.0.5537.1000 (custom)

Date Public

2023-03-14 07:00

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: cc16449c-9d00-4401-b0af-4bfaf155e5cb

Vulnerability ID: CVE-2023-23397

Status: Confirmed

Status Updated: 2023-03-14 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2023-03-14

Asserted: 2023-03-14

Scope

Notes: KEV entry: Microsoft Office Outlook Privilege Escalation Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/, ; https://nvd.nist.gov/vuln/detail/CVE-2023-23397

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-294
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Office
Due Date	2023-04-04
Date Added	2023-03-14
Vendorproject	Microsoft
Vulnerabilityname	Microsoft Office Outlook Privilege Escalation Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2023-23397

Created: 2026-02-02 12:27 UTC | Updated: 2026-02-06 07:17 UTC

KEVintel KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 5f030014-4694-4d47-98a4-cf4c589db0e4

Vulnerability ID: CVE-2023-23397

Status: Confirmed

Status Updated: 2023-03-14 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2023-03-14

Asserted: 2023-03-14

Scope

Notes: KEVIntel entry: Microsoft Outlook Elevation of Privilege Vulnerability | Affected: Microsoft / Microsoft Office LTSC 2021, Microsoft Outlook 2016, Microsoft 365 Apps for Enterprise, Microsoft Office 2019, Microsoft Outlook 2013 Service Pack 1 | CVSS: 9.8 (CRITICAL) | EPSS: 0.97408 | Used in malware: unknown | Not yet in CISA KEV: False

Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel

Details

Feed	KEVIntel (kevintel.com)
Title	Microsoft Outlook Elevation of Privilege Vulnerability
Vendor	Microsoft
Product	Microsoft Office LTSC 2021, Microsoft Outlook 2016, Microsoft 365 Apps for Enterprise, Microsoft Office 2019, Microsoft Outlook 2013 Service Pack 1
Added Date	2023-03-14T00:00:00.000Z
Cvss Score	9.8
Epss Score	0.97408
Cvss Severity	CRITICAL
Epss Percentile	0.9989
Used In Malware	unknown
Ahead Of Cisa Kev	None
Not Yet In Cisa Kev	False

References

Created: 2026-06-19 12:46 UTC | Updated: 2026-06-19 12:46 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:28:40.887Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Outlook Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-23397",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-21T18:47:26.732010Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-03-14",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:23.783Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-03-14T00:00:00.000Z",
            "value": "CVE-2023-23397 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Outlook 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5387.1000",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Outlook 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5537.1000",
              "status": "affected",
              "version": "15.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:x86:*:*",
                  "versionEndExcluding": "16.0.5387.1000",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "15.0.5537.1000",
                  "versionStartIncluding": "15.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-03-14T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Outlook Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T00:48:07.606Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Outlook Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
        }
      ],
      "title": "Microsoft Outlook Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-23397",
    "datePublished": "2023-03-14T16:55:28.168Z",
    "dateReserved": "2023-01-11T22:08:03.137Z",
    "dateUpdated": "2025-10-21T23:15:23.783Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-23397",
      "cwes": "[\"CWE-294\"]",
      "dateAdded": "2023-03-14",
      "dueDate": "2023-04-04",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/, ;  https://nvd.nist.gov/vuln/detail/CVE-2023-23397",
      "product": "Office",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Office Outlook Privilege Escalation Vulnerability"
    },
    "epss": {
      "cve": "CVE-2023-23397",
      "date": "2026-06-18",
      "epss": "0.97408",
      "percentile": "0.9989"
    },
    "fkie_nvd": {
      "cisaActionDue": "2023-04-04",
      "cisaExploitAdd": "2023-03-14",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Microsoft Office Outlook Privilege Escalation Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"40C15EDD-98D4-4D06-BA06-21AE0F33C72D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF177984-A906-43FA-BF60-298133FBBD6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:-:*:*:*\", \"matchCriteriaId\": \"8D513A61-6427-4F85-AADF-99D6F223AF2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:*\", \"matchCriteriaId\": \"DDA98A76-D0D1-4BFA-BEAC-1C2313F7B859\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2B1657C-0FF4-461A-BE2A-641275C4B0A0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Outlook Elevation of Privilege Vulnerability\"}]",
      "id": "CVE-2023-23397",
      "lastModified": "2024-11-21T07:46:06.367",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2023-03-14T17:15:13.263",
      "references": "[{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-294\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-23397\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2023-03-14T17:15:13.263\",\"lastModified\":\"2025-10-27T17:14:31.953\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Outlook Elevation of Privilege Vulnerability\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2023-03-14\",\"cisaActionDue\":\"2023-04-04\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Microsoft Office Outlook Privilege Escalation Vulnerability\",\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-294\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"40C15EDD-98D4-4D06-BA06-21AE0F33C72D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF177984-A906-43FA-BF60-298133FBBD6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:-:*:*:*\",\"matchCriteriaId\":\"8D513A61-6427-4F85-AADF-99D6F223AF2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:*\",\"matchCriteriaId\":\"DDA98A76-D0D1-4BFA-BEAC-1C2313F7B859\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2B1657C-0FF4-461A-BE2A-641275C4B0A0\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397\", \"name\": \"Microsoft Outlook Elevation of Privilege Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:28:40.887Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-23397\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-21T18:47:26.732010Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-03-14\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-03-14T00:00:00.000Z\", \"value\": \"CVE-2023-23397 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T18:34:19.807Z\"}}], \"cna\": {\"title\": \"Microsoft Outlook Elevation of Privilege Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC 2021\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Outlook 2016\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0.0\", \"lessThan\": \"16.0.5387.1000\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft 365 Apps for Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\", \"32-bit Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"19.0.0\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\", \"32-bit Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Outlook 2013 Service Pack 1\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0.0.0\", \"lessThan\": \"15.0.5537.1000\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\", \"ARM64-based Systems\", \"32-bit Systems\"]}], \"datePublic\": \"2023-03-14T07:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397\", \"name\": \"Microsoft Outlook Elevation of Privilege Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Microsoft Outlook Elevation of Privilege Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"16.0.1\"}, {\"criteria\": \"cpe:2.3:a:microsoft:outlook:*:*:*:*:*:x86:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.5387.1000\", \"versionStartIncluding\": \"16.0.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"16.0.1\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"19.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:outlook:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"15.0.5537.1000\", \"versionStartIncluding\": \"15.0.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2025-01-01T00:48:07.606Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-23397\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:15:23.783Z\", \"dateReserved\": \"2023-01-11T22:08:03.137Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2023-03-14T16:55:28.168Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-ALE-002

Vulnerability from certfr_alerte - Published: - Updated:

[mise à jour du 11 mai 2023] Possibilité de contournement du correctif proposé par l'éditeur par le biais de la CVE-2023-29324

[mise à jour du 20 avril 2023] clarification de la recommandation pour le filtrage du flux SMB

[mise à jour du 29 mars 2023] complément d'information et recommandation

En date du 14 mars 2023, lors de sa mise à jour mensuelle, Microsoft a indiqué l'existence d'une vulnérabilité CVE-2023-23397 affectant diverses versions du produit Outlook pour Windows qui permet à un attaquant de récupérer le condensat Net-NTLMv2 (new technology LAN manager).

Microsoft indique que cette vulnérabilité est activement exploitée dans le cadre d'attaques ciblées. Par ailleurs, le CERT-FR a connaissance d'une première preuve de concept publique (non encore qualifiée).

La vulnérabilité ne requiert pas d'intervention de l'utilisateur. Elle est déclenchée lorsqu'un attaquant envoie un message contenant un lien UNC (Universal Naming Convention) vers une ressource partagée en SMB hébergée sur un serveur qui serait sous contrôle de l'attaquant. Durant la connexion SMB au serveur malveillant, le message d’authentification NTLM pour la négociation de l'authentification est envoyé, l'attaquant peut ainsi le relayer auprès d'autres services supportant ce type d'authentification pour obtenir un accès valide.

L'éditeur indique que les version d'Outlook pour Android, iOS, Mac, mais aussi la version web et les services M365 ne sont pas vulnérables.

Microsoft a publié un code Powershell et une documentation permettant de vérifier si un système a été la cible d'une attaque. Le script remonte les courriels, tâches et invitations de calendrier pointant vers un partage potentiellement non-maîtrisé. Ces éléments doivent être passés en revue afin de déterminer leur légitimité et, dans le cas contraire, ils doivent faire l'objet d'une investigation (contrôler l'existence de connexions sortantes associées, lister les connexions réalisées à l'aide du compte utilisateur, etc.) pour prendre les mesures de remédiation appropriées.

[mise à jour du 20 avril 2023] Le 24 mars 2023, Microsoft a publié un guide d'investigation documentant les différents contrôles à mener et les indicateurs de compromission à chercher. Il convient de noter que ce guide apporte plusieurs éléments techniques qui sont également à prendre en compte :

Pour prévenir une exploitation menée par un attaquant utilisant une machine distante pour collecter les condensats Net-NTLMv2, il convient d'interdire les flux SMB en sortie du système d'information (TCP/445). Cette règle s'impose également aux postes nomades, dont les flux doivent être sécurisés (cf. les règles R16 à R18 du guide ANSSI pour le nomadisme numérique [2]).
La mise à jour de sécurité de Microsoft Exchange Server du mois de mars 2023 permet de prévenir l'exploitation de la vulnérabilité en supprimant automatiquement les courriels dont la propriété PidLidReminderFileParameter est définie. Ce correctif ne corrige pas la vulnérabilité intrinsèque au client Outlook mais empêche son exploitation.

[mise à jour du 11 mai 2023] Le 9 mai, Microsoft a publié un correctif pour une vulnérabilité dont l'identifiant est CVE-2023-29324. Cette vulnérabilité permet de continuer à exploiter la vulnérabilité CVE-2023-23397 avec un lien UNC spécialement construit par l'attaquant [3] si le correctif de sécurité de mars 2023 pour les serveurs Microsoft Exchange n'a pas été appliqué (cf. la mise à jour de l'alerte du 20 avril).

Afin de respecter le principe de défense en profondeur, le CERT-FR recommande d'appliquer la mise à jour de mai 2023 (correction de la vulnérabilité CVE-2023-29324).

Solution

Le CERT-FR recommande fortement d’appliquer la mise à jour fournie par Microsoft, se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

[mise à jour du 29 mars 2023] Le CERT-FR recommande fortement d'appliquer la mise à jour de sécurité de mars 2023 pour Microsoft Exchange Server.

[mise à jour du 29 mars 2023] Le CERT-FR recommande fortement d'appliquer les mises à jour de sécurité de mars et de mai 2023 pour Microsoft Exchange Server.

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office LTSC 2021 pour éditions 64 bits
Microsoft	Office	Microsoft Office LTSC 2021 pour éditions 32 bits
Microsoft	Office	Microsoft Office 2019 pour éditions 32 bits
Microsoft	N/A	Microsoft 365 Apps pour Entreprise pour systèmes 32 bits
Microsoft	N/A	Microsoft 365 Apps pour Entreprise pour systèmes 64 bits
Microsoft	N/A	Microsoft Outlook 2013 RT Service Pack 1
Microsoft	Office	Microsoft Office 2019 pour éditions 64 bits
Microsoft	N/A	Microsoft Outlook 2013 Service Pack 1 (éditions 64 bits)
Microsoft	N/A	Microsoft Outlook 2013 Service Pack 1 (éditions 32 bits)
Microsoft	N/A	Microsoft Outlook 2016 (édition 64 bits)
Microsoft	N/A	Microsoft Outlook 2016 (édition 32 bits)

References

Title

Publication Time

Tags

[1] Guide d'investigation Microsoft du 24 mars 2023	None	vendor-advisory
Bulletin de sécurité Microsoft du 14 mars 2023	None	vendor-advisory
Billet de blogue Microsoft du 14 mars 2023	None	vendor-advisory
[3] Billet de blog du découvreur de la CVE-2023-29324	-	other
Bulletin de sécurité Microsoft CVE-2023-23397 du 14 mars 2023	-	other
Documentation et code Powershell fournis par Microsoft pour l'identification de compromission	-	other
[2] Guide ANSSI pour le nomadisme numérique	-	other
Avis CERTFR-2023-AVI-0231 du 15 mars 2023	-	other
Les bons réflexes en cas d’intrusion sur un système d’information	-	other
Avis CERTFR-2023-AVI-0234 du 15 mars 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 365 Apps pour Entreprise pour syst\u00e8mes 32 bits",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 365 Apps pour Entreprise pour syst\u00e8mes 64 bits",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 RT Service Pack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2023-07-26",
  "content": "## Solution\n\nLe CERT-FR recommande fortement d\u2019appliquer la mise \u00e0 jour fournie par\nMicrosoft, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour\nl\u0027obtention des correctifs (cf. section Documentation).\n\n**\\[mise \u00e0 jour du 29 mars 2023\\]** Le CERT-FR recommande fortement\nd\u0027appliquer la mise \u00e0 jour de s\u00e9curit\u00e9 de mars 2023 pour Microsoft\nExchange Server.\n\n\u003cspan style=\"color: #ff0000;\"\u003e**\\[mise \u00e0 jour du 29 mars 2023\\]**\u003c/span\u003e\nLe CERT-FR recommande fortement d\u0027appliquer les mises \u00e0 jour de s\u00e9curit\u00e9\nde mars \u003cu\u003eet\u003c/u\u003e de mai 2023 pour Microsoft Exchange Server.\n",
  "cves": [
    {
      "name": "CVE-2023-23397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23397"
    },
    {
      "name": "CVE-2023-29324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29324"
    }
  ],
  "links": [
    {
      "title": "[3] Billet de blog du d\u00e9couvreur de la CVE-2023-29324",
      "url": "https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23397 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
    },
    {
      "title": "Documentation et code Powershell fournis par Microsoft pour l\u0027identification de compromission",
      "url": "https://aka.ms/CVE-2023-23397ScriptDoc"
    },
    {
      "title": "[2] Guide ANSSI pour le nomadisme num\u00e9rique",
      "url": "https://www.ssi.gouv.fr/guide/recommandations-sur-le-nomadisme-numerique/"
    },
    {
      "title": "Avis CERTFR-2023-AVI-0231 du 15 mars 2023",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0231/"
    },
    {
      "title": "Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information",
      "url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
    },
    {
      "title": "Avis CERTFR-2023-AVI-0234 du 15 mars 2023",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0234/"
    }
  ],
  "reference": "CERTFR-2023-ALE-002",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-15T00:00:00.000000"
    },
    {
      "description": "Clarifications mineures",
      "revision_date": "2023-03-16T00:00:00.000000"
    },
    {
      "description": "clarification de la recommadation pour le filtrage du flux SMB",
      "revision_date": "2023-04-20T00:00:00.000000"
    },
    {
      "description": "Ajout d\u0027informations concernant la vuln\u00e9rabilit\u00e9 CVE-2023-29324",
      "revision_date": "2023-05-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003e\\[mise \u00e0 jour du 11 mai 2023\\]\nPossibilit\u00e9 de contournement du correctif propos\u00e9 par l\u0027\u00e9diteur par le\nbiais de la CVE-2023-29324\u003c/strong\u003e\u003c/span\u003e\n\n\u003cstrong\u003e\\[mise \u00e0 jour du 20 avril 2023\\] clarification de la recommandation\npour le filtrage du flux SMB\u003c/strong\u003e\n\n\u003cstrong\u003e\\[mise \u00e0 jour du 29 mars 2023\\] compl\u00e9ment d\u0027information et\nrecommandation  \n\u003c/strong\u003e\n\nEn date du 14 mars 2023, \u003cspan class=\"mx_EventTile_body\" dir=\"auto\"\u003elors\nde sa mise \u00e0 jour mensuelle\u003c/span\u003e, Microsoft a indiqu\u00e9 l\u0027existence\nd\u0027une vuln\u00e9rabilit\u00e9 CVE-2023-23397 affectant diverses versions du\nproduit Outlook pour Windows qui permet \u00e0 un attaquant \u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003ede r\u00e9cup\u00e9rer le condensat\n\u003c/span\u003e*Net-NTLMv2* (*new technology LAN manager*).\n\nMicrosoft indique que cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e dans\nle cadre d\u0027attaques cibl\u00e9es. Par ailleurs, le CERT-FR a connaissance\nd\u0027une premi\u00e8re preuve de concept publique (non encore qualifi\u00e9e).\n\nLa vuln\u00e9rabilit\u00e9 ne requiert pas d\u0027intervention de l\u0027utilisateur. Elle\nest d\u00e9clench\u00e9e lorsqu\u0027un attaquant envoie un message contenant un\nlien\u00a0*UNC* (*Universal Naming Convention*) vers une ressource partag\u00e9e\nen *SMB* h\u00e9berg\u00e9e sur un serveur qui serait sous contr\u00f4le de\nl\u0027attaquant. Durant la connexion *SMB* au serveur malveillant, le \u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003emessage d\u2019authentification\u003c/span\u003e\n*NTLM* pour la n\u00e9gociation de l\u0027authentification est envoy\u00e9, l\u0027attaquant\npeut ainsi le relayer aupr\u00e8s d\u0027autres services supportant ce type\nd\u0027authentification pour obtenir un acc\u00e8s valide.\n\nL\u0027\u00e9diteur indique que les version d\u0027Outlook pour Android, iOS, Mac, mais\naussi la version web et les services M365 ne sont pas vuln\u00e9rables.\n\nMicrosoft a publi\u00e9 un code Powershell et une documentation permettant de\nv\u00e9rifier si un syst\u00e8me a \u00e9t\u00e9 la cible d\u0027une attaque. Le script remonte\nles courriels, t\u00e2ches et invitations de calendrier pointant vers un\npartage potentiellement non-ma\u00eetris\u00e9. Ces \u00e9l\u00e9ments doivent \u00eatre pass\u00e9s\nen revue afin de d\u00e9terminer leur l\u00e9gitimit\u00e9 et, dans le cas contraire,\nils doivent faire l\u0027objet d\u0027une investigation (contr\u00f4ler l\u0027existence de\nconnexions sortantes associ\u00e9es, lister les connexions r\u00e9alis\u00e9es \u00e0 l\u0027aide\ndu compte utilisateur, etc.) pour prendre les mesures de rem\u00e9diation\nappropri\u00e9es.\n\n\u003cstrong\u003e\\[mise \u00e0 jour du 20 avril 2023\\]\u003c/strong\u003e Le 24 mars 2023, Microsoft a publi\u00e9\nun guide d\u0027investigation documentant les diff\u00e9rents contr\u00f4les \u00e0 mener et\nles indicateurs de compromission \u00e0 chercher. Il convient de noter que ce\nguide apporte plusieurs \u00e9l\u00e9ments techniques qui sont \u00e9galement \u00e0 prendre\nen compte :\n\n-   Pour pr\u00e9venir une exploitation men\u00e9e par un attaquant utilisant une\n    machine distante pour collecter les condensats *Net-NTLMv2*, il\n    convient d\u0027interdire les flux *SMB* \u003cu\u003een sortie du syst\u00e8me\n    d\u0027information\u003c/u\u003e (TCP/445). Cette r\u00e8gle s\u0027impose \u00e9galement aux\n    postes nomades, dont les flux doivent \u00eatre s\u00e9curis\u00e9s (cf. les r\u00e8gles\n    R16 \u00e0 R18 du guide ANSSI pour le nomadisme num\u00e9rique \\[2\\]).\n-   \u003cspan class=\"mx_EventTile_body markdown-body\" dir=\"auto\"\u003eLa mise \u00e0\n    jour de s\u00e9curit\u00e9 de Microsoft Exchange Server du mois de mars 2023\n    permet de pr\u00e9venir l\u0027exploitation de la vuln\u00e9rabilit\u00e9 en supprimant\n    automatiquement les courriels dont la propri\u00e9t\u00e9\n    *PidLidReminderFileParameter* est d\u00e9finie. Ce correctif ne corrige\n    pas la vuln\u00e9rabilit\u00e9 intrins\u00e8que au client Outlook mais emp\u00eache son\n    exploitation.\u003c/span\u003e\n\n\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003e\\[mise \u00e0 jour du 11 mai 2023\\]\u003c/strong\u003e\n\u003c/span\u003eLe 9 mai, Microsoft a publi\u00e9 un correctif pour une vuln\u00e9rabilit\u00e9\ndont l\u0027identifiant est CVE-2023-29324. Cette vuln\u00e9rabilit\u00e9 permet de\ncontinuer \u00e0 exploiter la vuln\u00e9rabilit\u00e9 CVE-2023-23397 avec un lien *UNC*\nsp\u00e9cialement construit par l\u0027attaquant \\[3\\] si le correctif de s\u00e9curit\u00e9\nde mars 2023 pour les serveurs Microsoft Exchange n\u0027a pas \u00e9t\u00e9 appliqu\u00e9\n(cf. la mise \u00e0 jour de l\u0027alerte du 20 avril).\n\nAfin de respecter le principe de d\u00e9fense en profondeur, le CERT-FR\nrecommande d\u0027appliquer la mise \u00e0 jour de mai 2023 (correction de la\nvuln\u00e9rabilit\u00e9 CVE-2023-29324).\n\n\u003cspan style=\"color: #ff0000;\"\u003e\u00a0\u003c/span\u003e\n",
  "title": "[M\u00e0J] Vuln\u00e9rabilit\u00e9 dans Microsoft Outlook",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "[1] Guide d\u0027investigation Microsoft du 24 mars 2023",
      "url": "https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 mars 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Billet de blogue Microsoft du 14 mars 2023",
      "url": "https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/"
    }
  ]
}

CERTFR-2023-ALE-002

Vulnerability from certfr_alerte - Published: - Updated:

[mise à jour du 11 mai 2023] Possibilité de contournement du correctif proposé par l'éditeur par le biais de la CVE-2023-29324

[mise à jour du 20 avril 2023] clarification de la recommandation pour le filtrage du flux SMB

[mise à jour du 29 mars 2023] complément d'information et recommandation

L'éditeur indique que les version d'Outlook pour Android, iOS, Mac, mais aussi la version web et les services M365 ne sont pas vulnérables.

Pour prévenir une exploitation menée par un attaquant utilisant une machine distante pour collecter les condensats Net-NTLMv2, il convient d'interdire les flux SMB en sortie du système d'information (TCP/445). Cette règle s'impose également aux postes nomades, dont les flux doivent être sécurisés (cf. les règles R16 à R18 du guide ANSSI pour le nomadisme numérique [2]).
La mise à jour de sécurité de Microsoft Exchange Server du mois de mars 2023 permet de prévenir l'exploitation de la vulnérabilité en supprimant automatiquement les courriels dont la propriété PidLidReminderFileParameter est définie. Ce correctif ne corrige pas la vulnérabilité intrinsèque au client Outlook mais empêche son exploitation.

Afin de respecter le principe de défense en profondeur, le CERT-FR recommande d'appliquer la mise à jour de mai 2023 (correction de la vulnérabilité CVE-2023-29324).

Solution

Le CERT-FR recommande fortement d’appliquer la mise à jour fournie par Microsoft, se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

[mise à jour du 29 mars 2023] Le CERT-FR recommande fortement d'appliquer la mise à jour de sécurité de mars 2023 pour Microsoft Exchange Server.

[mise à jour du 29 mars 2023] Le CERT-FR recommande fortement d'appliquer les mises à jour de sécurité de mars et de mai 2023 pour Microsoft Exchange Server.

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office LTSC 2021 pour éditions 64 bits
Microsoft	Office	Microsoft Office LTSC 2021 pour éditions 32 bits
Microsoft	Office	Microsoft Office 2019 pour éditions 32 bits
Microsoft	N/A	Microsoft 365 Apps pour Entreprise pour systèmes 32 bits
Microsoft	N/A	Microsoft 365 Apps pour Entreprise pour systèmes 64 bits
Microsoft	N/A	Microsoft Outlook 2013 RT Service Pack 1
Microsoft	Office	Microsoft Office 2019 pour éditions 64 bits
Microsoft	N/A	Microsoft Outlook 2013 Service Pack 1 (éditions 64 bits)
Microsoft	N/A	Microsoft Outlook 2013 Service Pack 1 (éditions 32 bits)
Microsoft	N/A	Microsoft Outlook 2016 (édition 64 bits)
Microsoft	N/A	Microsoft Outlook 2016 (édition 32 bits)

References

Title

Publication Time

Tags

[1] Guide d'investigation Microsoft du 24 mars 2023	None	vendor-advisory
Bulletin de sécurité Microsoft du 14 mars 2023	None	vendor-advisory
Billet de blogue Microsoft du 14 mars 2023	None	vendor-advisory
[3] Billet de blog du découvreur de la CVE-2023-29324	-	other
Bulletin de sécurité Microsoft CVE-2023-23397 du 14 mars 2023	-	other
Documentation et code Powershell fournis par Microsoft pour l'identification de compromission	-	other
[2] Guide ANSSI pour le nomadisme numérique	-	other
Avis CERTFR-2023-AVI-0231 du 15 mars 2023	-	other
Les bons réflexes en cas d’intrusion sur un système d’information	-	other
Avis CERTFR-2023-AVI-0234 du 15 mars 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 365 Apps pour Entreprise pour syst\u00e8mes 32 bits",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 365 Apps pour Entreprise pour syst\u00e8mes 64 bits",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 RT Service Pack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2023-07-26",
  "content": "## Solution\n\nLe CERT-FR recommande fortement d\u2019appliquer la mise \u00e0 jour fournie par\nMicrosoft, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour\nl\u0027obtention des correctifs (cf. section Documentation).\n\n**\\[mise \u00e0 jour du 29 mars 2023\\]** Le CERT-FR recommande fortement\nd\u0027appliquer la mise \u00e0 jour de s\u00e9curit\u00e9 de mars 2023 pour Microsoft\nExchange Server.\n\n\u003cspan style=\"color: #ff0000;\"\u003e**\\[mise \u00e0 jour du 29 mars 2023\\]**\u003c/span\u003e\nLe CERT-FR recommande fortement d\u0027appliquer les mises \u00e0 jour de s\u00e9curit\u00e9\nde mars \u003cu\u003eet\u003c/u\u003e de mai 2023 pour Microsoft Exchange Server.\n",
  "cves": [
    {
      "name": "CVE-2023-23397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23397"
    },
    {
      "name": "CVE-2023-29324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29324"
    }
  ],
  "links": [
    {
      "title": "[3] Billet de blog du d\u00e9couvreur de la CVE-2023-29324",
      "url": "https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23397 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
    },
    {
      "title": "Documentation et code Powershell fournis par Microsoft pour l\u0027identification de compromission",
      "url": "https://aka.ms/CVE-2023-23397ScriptDoc"
    },
    {
      "title": "[2] Guide ANSSI pour le nomadisme num\u00e9rique",
      "url": "https://www.ssi.gouv.fr/guide/recommandations-sur-le-nomadisme-numerique/"
    },
    {
      "title": "Avis CERTFR-2023-AVI-0231 du 15 mars 2023",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0231/"
    },
    {
      "title": "Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information",
      "url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
    },
    {
      "title": "Avis CERTFR-2023-AVI-0234 du 15 mars 2023",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0234/"
    }
  ],
  "reference": "CERTFR-2023-ALE-002",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-15T00:00:00.000000"
    },
    {
      "description": "Clarifications mineures",
      "revision_date": "2023-03-16T00:00:00.000000"
    },
    {
      "description": "clarification de la recommadation pour le filtrage du flux SMB",
      "revision_date": "2023-04-20T00:00:00.000000"
    },
    {
      "description": "Ajout d\u0027informations concernant la vuln\u00e9rabilit\u00e9 CVE-2023-29324",
      "revision_date": "2023-05-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003e\\[mise \u00e0 jour du 11 mai 2023\\]\nPossibilit\u00e9 de contournement du correctif propos\u00e9 par l\u0027\u00e9diteur par le\nbiais de la CVE-2023-29324\u003c/strong\u003e\u003c/span\u003e\n\n\u003cstrong\u003e\\[mise \u00e0 jour du 20 avril 2023\\] clarification de la recommandation\npour le filtrage du flux SMB\u003c/strong\u003e\n\n\u003cstrong\u003e\\[mise \u00e0 jour du 29 mars 2023\\] compl\u00e9ment d\u0027information et\nrecommandation  \n\u003c/strong\u003e\n\nEn date du 14 mars 2023, \u003cspan class=\"mx_EventTile_body\" dir=\"auto\"\u003elors\nde sa mise \u00e0 jour mensuelle\u003c/span\u003e, Microsoft a indiqu\u00e9 l\u0027existence\nd\u0027une vuln\u00e9rabilit\u00e9 CVE-2023-23397 affectant diverses versions du\nproduit Outlook pour Windows qui permet \u00e0 un attaquant \u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003ede r\u00e9cup\u00e9rer le condensat\n\u003c/span\u003e*Net-NTLMv2* (*new technology LAN manager*).\n\nMicrosoft indique que cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e dans\nle cadre d\u0027attaques cibl\u00e9es. Par ailleurs, le CERT-FR a connaissance\nd\u0027une premi\u00e8re preuve de concept publique (non encore qualifi\u00e9e).\n\nLa vuln\u00e9rabilit\u00e9 ne requiert pas d\u0027intervention de l\u0027utilisateur. Elle\nest d\u00e9clench\u00e9e lorsqu\u0027un attaquant envoie un message contenant un\nlien\u00a0*UNC* (*Universal Naming Convention*) vers une ressource partag\u00e9e\nen *SMB* h\u00e9berg\u00e9e sur un serveur qui serait sous contr\u00f4le de\nl\u0027attaquant. Durant la connexion *SMB* au serveur malveillant, le \u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003emessage d\u2019authentification\u003c/span\u003e\n*NTLM* pour la n\u00e9gociation de l\u0027authentification est envoy\u00e9, l\u0027attaquant\npeut ainsi le relayer aupr\u00e8s d\u0027autres services supportant ce type\nd\u0027authentification pour obtenir un acc\u00e8s valide.\n\nL\u0027\u00e9diteur indique que les version d\u0027Outlook pour Android, iOS, Mac, mais\naussi la version web et les services M365 ne sont pas vuln\u00e9rables.\n\nMicrosoft a publi\u00e9 un code Powershell et une documentation permettant de\nv\u00e9rifier si un syst\u00e8me a \u00e9t\u00e9 la cible d\u0027une attaque. Le script remonte\nles courriels, t\u00e2ches et invitations de calendrier pointant vers un\npartage potentiellement non-ma\u00eetris\u00e9. Ces \u00e9l\u00e9ments doivent \u00eatre pass\u00e9s\nen revue afin de d\u00e9terminer leur l\u00e9gitimit\u00e9 et, dans le cas contraire,\nils doivent faire l\u0027objet d\u0027une investigation (contr\u00f4ler l\u0027existence de\nconnexions sortantes associ\u00e9es, lister les connexions r\u00e9alis\u00e9es \u00e0 l\u0027aide\ndu compte utilisateur, etc.) pour prendre les mesures de rem\u00e9diation\nappropri\u00e9es.\n\n\u003cstrong\u003e\\[mise \u00e0 jour du 20 avril 2023\\]\u003c/strong\u003e Le 24 mars 2023, Microsoft a publi\u00e9\nun guide d\u0027investigation documentant les diff\u00e9rents contr\u00f4les \u00e0 mener et\nles indicateurs de compromission \u00e0 chercher. Il convient de noter que ce\nguide apporte plusieurs \u00e9l\u00e9ments techniques qui sont \u00e9galement \u00e0 prendre\nen compte :\n\n-   Pour pr\u00e9venir une exploitation men\u00e9e par un attaquant utilisant une\n    machine distante pour collecter les condensats *Net-NTLMv2*, il\n    convient d\u0027interdire les flux *SMB* \u003cu\u003een sortie du syst\u00e8me\n    d\u0027information\u003c/u\u003e (TCP/445). Cette r\u00e8gle s\u0027impose \u00e9galement aux\n    postes nomades, dont les flux doivent \u00eatre s\u00e9curis\u00e9s (cf. les r\u00e8gles\n    R16 \u00e0 R18 du guide ANSSI pour le nomadisme num\u00e9rique \\[2\\]).\n-   \u003cspan class=\"mx_EventTile_body markdown-body\" dir=\"auto\"\u003eLa mise \u00e0\n    jour de s\u00e9curit\u00e9 de Microsoft Exchange Server du mois de mars 2023\n    permet de pr\u00e9venir l\u0027exploitation de la vuln\u00e9rabilit\u00e9 en supprimant\n    automatiquement les courriels dont la propri\u00e9t\u00e9\n    *PidLidReminderFileParameter* est d\u00e9finie. Ce correctif ne corrige\n    pas la vuln\u00e9rabilit\u00e9 intrins\u00e8que au client Outlook mais emp\u00eache son\n    exploitation.\u003c/span\u003e\n\n\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003e\\[mise \u00e0 jour du 11 mai 2023\\]\u003c/strong\u003e\n\u003c/span\u003eLe 9 mai, Microsoft a publi\u00e9 un correctif pour une vuln\u00e9rabilit\u00e9\ndont l\u0027identifiant est CVE-2023-29324. Cette vuln\u00e9rabilit\u00e9 permet de\ncontinuer \u00e0 exploiter la vuln\u00e9rabilit\u00e9 CVE-2023-23397 avec un lien *UNC*\nsp\u00e9cialement construit par l\u0027attaquant \\[3\\] si le correctif de s\u00e9curit\u00e9\nde mars 2023 pour les serveurs Microsoft Exchange n\u0027a pas \u00e9t\u00e9 appliqu\u00e9\n(cf. la mise \u00e0 jour de l\u0027alerte du 20 avril).\n\nAfin de respecter le principe de d\u00e9fense en profondeur, le CERT-FR\nrecommande d\u0027appliquer la mise \u00e0 jour de mai 2023 (correction de la\nvuln\u00e9rabilit\u00e9 CVE-2023-29324).\n\n\u003cspan style=\"color: #ff0000;\"\u003e\u00a0\u003c/span\u003e\n",
  "title": "[M\u00e0J] Vuln\u00e9rabilit\u00e9 dans Microsoft Outlook",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "[1] Guide d\u0027investigation Microsoft du 24 mars 2023",
      "url": "https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 mars 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Billet de blogue Microsoft du 14 mars 2023",
      "url": "https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/"
    }
  ]
}

CERTFR-2023-AVI-0231

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer un déni de service, une usurpation d'identité, une élévation de privilèges et une exécution de code à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office pour Android
Microsoft	Office	Microsoft Outlook 2016 (édition 32 bits)
Microsoft	Office	Microsoft Office LTSC 2021 pour éditions 64 bits
Microsoft	Office	Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft	Office	Microsoft Excel 2013 RT Service Pack 1
Microsoft	Office	Microsoft Office LTSC 2021 pour éditions 32 bits
Microsoft	Office	Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft	Office	Microsoft Office 2019 pour éditions 32 bits
Microsoft	Office	Microsoft Office 2019 pour Mac
Microsoft	Office	Microsoft Outlook 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Microsoft Office 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Office 2019 pour éditions 64 bits
Microsoft	Office	Microsoft Office LTSC pour Mac 2021
Microsoft	Office	Microsoft Excel 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Office 2013 RT Service Pack 1
Microsoft	Office	Microsoft Office pour Universal
Microsoft	Office	Microsoft Excel 2016 (édition 32 bits)
Microsoft	Office	Microsoft Outlook 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Excel 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Microsoft Office Online Server
Microsoft	Office	Microsoft SharePoint Server Subscription Edition
Microsoft	Office	Microsoft SharePoint Enterprise Server 2016
Microsoft	Office	Microsoft Office 2016 (édition 64 bits)
Microsoft	Office	Microsoft Outlook 2016 (édition 64 bits)
Microsoft	Office	Microsoft Excel 2016 (édition 64 bits)
Microsoft	Office	Microsoft Office 2016 (édition 32 bits)
Microsoft	Office	Microsoft SharePoint Server 2019
Microsoft	Office	Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft	Office	Microsoft Office 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Microsoft Outlook 2013 RT Service Pack 1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-23396 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24910 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23395 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23398 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23397 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23391 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23399 du 14 mars 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office pour Android",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Foundation 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps Server 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office LTSC pour Mac 2021",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office pour Universal",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Online Server",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server Subscription Edition",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2016",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2019",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-23397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23397"
    },
    {
      "name": "CVE-2023-23391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23391"
    },
    {
      "name": "CVE-2023-23395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23395"
    },
    {
      "name": "CVE-2023-23398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23398"
    },
    {
      "name": "CVE-2023-23396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23396"
    },
    {
      "name": "CVE-2023-23399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23399"
    },
    {
      "name": "CVE-2023-24910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24910"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23396 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23396"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24910 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24910"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23395 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23395"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23398 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23397 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23391 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23391"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23399 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23399"
    }
  ],
  "reference": "CERTFR-2023-AVI-0231",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un d\u00e9ni de service, une usurpation d\u0027identit\u00e9, une\n\u00e9l\u00e9vation de privil\u00e8ges et une ex\u00e9cution de code \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

CERTFR-2023-AVI-0234

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une usurpation d'identité, une élévation de privilèges, une atteinte à la confidentialité des données, un contournement de la fonctionnalité de sécurité et une exécution de code à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	OneDrive pour Android
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.0
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.2
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.5
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 à 16.10)
Microsoft	N/A	Microsoft Malware Protection Engine
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour systèmes 32 bits
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.4
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft	N/A	OneDrive pour MacOS Installer
Microsoft	N/A	OneDrive pour iOS
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 à 15.8)
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour systèmes 64 bits

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-23946 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24920 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24891 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24919 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24882 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23398 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24879 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23397 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24890 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24921 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-22490 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23618 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24930 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23399 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-22743 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24923 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24922 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23389 du 14 mars 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OneDrive pour Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 \u00e0 16.10)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Malware Protection Engine",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "OneDrive pour MacOS Installer",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "OneDrive pour iOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 \u00e0 15.8)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-23946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23946"
    },
    {
      "name": "CVE-2023-23397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23397"
    },
    {
      "name": "CVE-2023-24930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24930"
    },
    {
      "name": "CVE-2023-23398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23398"
    },
    {
      "name": "CVE-2023-24923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24923"
    },
    {
      "name": "CVE-2023-22490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22490"
    },
    {
      "name": "CVE-2023-24891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24891"
    },
    {
      "name": "CVE-2023-24920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24920"
    },
    {
      "name": "CVE-2023-22743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22743"
    },
    {
      "name": "CVE-2023-23399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23399"
    },
    {
      "name": "CVE-2023-24890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24890"
    },
    {
      "name": "CVE-2023-24882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24882"
    },
    {
      "name": "CVE-2023-23618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23618"
    },
    {
      "name": "CVE-2023-24879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24879"
    },
    {
      "name": "CVE-2023-24919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24919"
    },
    {
      "name": "CVE-2023-23389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23389"
    },
    {
      "name": "CVE-2023-24921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24921"
    },
    {
      "name": "CVE-2023-24922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24922"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23946 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23946"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24920 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24920"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24891 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24891"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24919 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24919"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24882 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24882"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23398 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24879 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24879"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23397 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24890 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24890"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24921 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24921"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-22490 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-22490"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23618 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23618"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24930 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24930"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23399 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23399"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-22743 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-22743"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24923 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24923"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24922 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24922"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23389 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23389"
    }
  ],
  "reference": "CERTFR-2023-AVI-0234",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une usurpation d\u0027identit\u00e9, une \u00e9l\u00e9vation de\nprivil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9 et une ex\u00e9cution de code\n\u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

CERTFR-2023-AVI-0231

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office pour Android
Microsoft	Office	Microsoft Outlook 2016 (édition 32 bits)
Microsoft	Office	Microsoft Office LTSC 2021 pour éditions 64 bits
Microsoft	Office	Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft	Office	Microsoft Excel 2013 RT Service Pack 1
Microsoft	Office	Microsoft Office LTSC 2021 pour éditions 32 bits
Microsoft	Office	Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft	Office	Microsoft Office 2019 pour éditions 32 bits
Microsoft	Office	Microsoft Office 2019 pour Mac
Microsoft	Office	Microsoft Outlook 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Microsoft Office 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Office 2019 pour éditions 64 bits
Microsoft	Office	Microsoft Office LTSC pour Mac 2021
Microsoft	Office	Microsoft Excel 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Office 2013 RT Service Pack 1
Microsoft	Office	Microsoft Office pour Universal
Microsoft	Office	Microsoft Excel 2016 (édition 32 bits)
Microsoft	Office	Microsoft Outlook 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Excel 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Microsoft Office Online Server
Microsoft	Office	Microsoft SharePoint Server Subscription Edition
Microsoft	Office	Microsoft SharePoint Enterprise Server 2016
Microsoft	Office	Microsoft Office 2016 (édition 64 bits)
Microsoft	Office	Microsoft Outlook 2016 (édition 64 bits)
Microsoft	Office	Microsoft Excel 2016 (édition 64 bits)
Microsoft	Office	Microsoft Office 2016 (édition 32 bits)
Microsoft	Office	Microsoft SharePoint Server 2019
Microsoft	Office	Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft	Office	Microsoft Office 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Microsoft Outlook 2013 RT Service Pack 1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-23396 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24910 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23395 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23398 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23397 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23391 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23399 du 14 mars 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office pour Android",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Foundation 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps Server 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office LTSC pour Mac 2021",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office pour Universal",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Online Server",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server Subscription Edition",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2016",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2019",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-23397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23397"
    },
    {
      "name": "CVE-2023-23391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23391"
    },
    {
      "name": "CVE-2023-23395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23395"
    },
    {
      "name": "CVE-2023-23398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23398"
    },
    {
      "name": "CVE-2023-23396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23396"
    },
    {
      "name": "CVE-2023-23399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23399"
    },
    {
      "name": "CVE-2023-24910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24910"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23396 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23396"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24910 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24910"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23395 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23395"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23398 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23397 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23391 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23391"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23399 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23399"
    }
  ],
  "reference": "CERTFR-2023-AVI-0231",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un d\u00e9ni de service, une usurpation d\u0027identit\u00e9, une\n\u00e9l\u00e9vation de privil\u00e8ges et une ex\u00e9cution de code \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

CERTFR-2023-AVI-0234

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	OneDrive pour Android
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.0
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.2
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.5
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 à 16.10)
Microsoft	N/A	Microsoft Malware Protection Engine
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour systèmes 32 bits
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.4
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft	N/A	OneDrive pour MacOS Installer
Microsoft	N/A	OneDrive pour iOS
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 à 15.8)
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour systèmes 64 bits

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 14 mars 2023	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-23946 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24920 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24891 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24919 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24882 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23398 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24879 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23397 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24890 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24921 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-22490 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23618 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24930 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23399 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-22743 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24923 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-24922 du 14 mars 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-23389 du 14 mars 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OneDrive pour Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 \u00e0 16.10)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Malware Protection Engine",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "OneDrive pour MacOS Installer",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "OneDrive pour iOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 \u00e0 15.8)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-23946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23946"
    },
    {
      "name": "CVE-2023-23397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23397"
    },
    {
      "name": "CVE-2023-24930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24930"
    },
    {
      "name": "CVE-2023-23398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23398"
    },
    {
      "name": "CVE-2023-24923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24923"
    },
    {
      "name": "CVE-2023-22490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22490"
    },
    {
      "name": "CVE-2023-24891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24891"
    },
    {
      "name": "CVE-2023-24920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24920"
    },
    {
      "name": "CVE-2023-22743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22743"
    },
    {
      "name": "CVE-2023-23399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23399"
    },
    {
      "name": "CVE-2023-24890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24890"
    },
    {
      "name": "CVE-2023-24882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24882"
    },
    {
      "name": "CVE-2023-23618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23618"
    },
    {
      "name": "CVE-2023-24879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24879"
    },
    {
      "name": "CVE-2023-24919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24919"
    },
    {
      "name": "CVE-2023-23389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23389"
    },
    {
      "name": "CVE-2023-24921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24921"
    },
    {
      "name": "CVE-2023-24922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24922"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23946 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23946"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24920 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24920"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24891 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24891"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24919 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24919"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24882 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24882"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23398 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24879 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24879"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23397 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24890 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24890"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24921 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24921"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-22490 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-22490"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23618 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23618"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24930 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24930"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23399 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23399"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-22743 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-22743"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24923 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24923"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24922 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24922"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23389 du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23389"
    }
  ],
  "reference": "CERTFR-2023-AVI-0234",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une usurpation d\u0027identit\u00e9, une \u00e9l\u00e9vation de\nprivil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9 et une ex\u00e9cution de code\n\u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 mars 2023",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

BDU:2023-01214

Vulnerability from fstec - Published: 14.03.2023

Title

Уязвимость почтового клиента Microsoft Outlook, связанная с раскрытием информации, позволяющая нарушителю повысить свои привилегии

Description

Уязвимость почтового клиента Microsoft Outlook связана с раскрытием информации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить свои привилегии путем отправки специально сформированного письма электронной почты

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Microsoft Corp

Software Name

Microsoft Outlook 2013 RT Service Pack 1, Microsoft Outlook 2016, Microsoft Outlook 2013 Service Pack 1, Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021

Software Version

- (Microsoft Outlook 2013 RT Service Pack 1), - (Microsoft Outlook 2016), - (Microsoft Outlook 2013 Service Pack 1), - (Microsoft Office 2019), - (Microsoft 365 Apps for Enterprise), - (Microsoft Office LTSC 2021)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - добавление пользователей в Protected Users Security Group (Защищенную Группу Безопасных Пользователей) для предотвращения возможности использования NTLM в качестве механизма аутентификации; - блокирование 445 TCP-порта, что предотвратит отправку сообщений о прохождении NTLM-аутентификации для удаленного доступа к файлам; - использование антивирусного программного обеспечения для выявления средств эксплуатации уязвимости в том числе с функционалом контроля вложений в письма электронной почты; - использование средств межсетевого экранирования для ограничения возможности удалённого доступа. Использование рекомендаций производителя: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397

Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397 https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv

CWE

CWE-200

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO163, TO164",
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO163 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Microsoft Outlook 2016 32-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0439 \u0432\u044b\u043f\u0443\u0441\u043a (KB5002254), TO164 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Microsoft Outlook 2016 64-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0439 \u0432\u044b\u043f\u0443\u0441\u043a (KB5002254)",
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Microsoft Outlook 2013 RT Service Pack 1), - (Microsoft Outlook 2016), - (Microsoft Outlook 2013 Service Pack 1), - (Microsoft Office 2019), - (Microsoft 365 Apps for Enterprise), - (Microsoft Office LTSC 2021)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0432 Protected Users Security Group (\u0417\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u0443\u044e \u0413\u0440\u0443\u043f\u043f\u0443 \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u0445 \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439) \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f NTLM \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438;\n- \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 445 TCP-\u043f\u043e\u0440\u0442\u0430, \u0447\u0442\u043e \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0442\u0438\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0443 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u043e \u043f\u0440\u043e\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u0438 NTLM-\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0444\u0430\u0439\u043b\u0430\u043c;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0441 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u043e\u043c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0432 \u043f\u0438\u0441\u044c\u043c\u0430 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.03.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.03.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-01214",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-23397",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft Outlook 2013 RT Service Pack 1, Microsoft Outlook 2016, Microsoft Outlook 2013 Service Pack 1, Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Microsoft Outlook, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Microsoft Outlook \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0438\u0441\u044c\u043c\u0430 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

FKIE_CVE-2023-23397

Vulnerability from fkie_nvd - Published: 2023-03-14 17:15 - Updated: 2026-06-17 05:37

CISA KEV KEVintel KEV

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Microsoft Outlook Elevation of Privilege Vulnerability

References

URL	Tags
secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397	Patch, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397	US Government Resource

Impacted products

Vendor	Product	Version
microsoft	365_apps	-
microsoft	office	2019
microsoft	office_long_term_servicing_channel	2021
microsoft	outlook	2013
microsoft	outlook	2013
microsoft	outlook	2016

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Outlook 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5387.1000",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Outlook 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5537.1000",
              "status": "affected",
              "version": "15.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "source": "secure@microsoft.com"
    }
  ],
  "cisaActionDue": "2023-04-04",
  "cisaExploitAdd": "2023-03-14",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Microsoft Office Outlook Privilege Escalation Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:-:*:*:*",
              "matchCriteriaId": "8D513A61-6427-4F85-AADF-99D6F223AF2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "DDA98A76-D0D1-4BFA-BEAC-1C2313F7B859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B1657C-0FF4-461A-BE2A-641275C4B0A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Outlook Elevation of Privilege Vulnerability"
    }
  ],
  "id": "CVE-2023-23397",
  "lastModified": "2026-06-17T05:37:01.380",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2023-23397",
          "options": [
            {
              "exploitation": "active"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2024-03-21T18:47:26.732010Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2023-03-14T17:15:13.263",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-294"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-4778-Q233-JMH5

Vulnerability from github – Published: 2023-03-14 18:30 – Updated: 2025-10-22 00:32

Details

Microsoft Outlook Elevation of Privilege Vulnerability

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-23397"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-294"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-14T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Microsoft Outlook Elevation of Privilege Vulnerability",
  "id": "GHSA-4778-q233-jmh5",
  "modified": "2025-10-22T00:32:43Z",
  "published": "2023-03-14T18:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23397"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-23397

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Microsoft Outlook Elevation of Privilege Vulnerability

Aliases

CVE-2023-23397

Aliases

CVE-2023-23397

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-23397",
    "id": "GSD-2023-23397"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-23397"
      ],
      "details": "Microsoft Outlook Elevation of Privilege Vulnerability",
      "id": "GSD-2023-23397",
      "modified": "2023-12-13T01:20:49.448973Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2023-23397",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Office LTSC 2021",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.0.1",
                          "version_value": "https://aka.ms/OfficeSecurityReleases"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Outlook 2016",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.0.0.0",
                          "version_value": "16.0.5387.1000"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft 365 Apps for Enterprise",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.0.1",
                          "version_value": "https://aka.ms/OfficeSecurityReleases"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Office 2019",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "19.0.0",
                          "version_value": "https://aka.ms/OfficeSecurityReleases"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Outlook 2013 Service Pack 1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.0.0.0",
                          "version_value": "15.0.5537.1000"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Outlook Elevation of Privilege Vulnerability"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Elevation of Privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397",
            "refsource": "MISC",
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2023-23397"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Outlook Elevation of Privilege Vulnerability"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-294"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-03-20T14:00Z",
      "publishedDate": "2023-03-14T17:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-23397 (GCVE-0-2023-23397)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

KEVintel KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Public Report Successful Exploitation Confidence: 70% Source: kevintel

Details

References

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature