Microsoft 365 exploited in wild through CVSS 9.8 pre-auth RCE bug

A critical vulnerability in the ubiquitous Microsoft Outlook/365 applications suite is being actively abused in the wild and demands urgent patching.

CVE-2023-23397, a CVSS 9.8 bug, lets a remote and unauthenticated attacker breach systems merely by sending a specially crafted email that allows them steal the recipient’s credentials.

It gets worse: The victim doesn’t even need to open the malicious email: As Microsoft notes in its own guidance for the Microsoft 365 vulnerability: “[The email] triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.”

Previous Post

The privacy loophole in your doorbell

Next Post

How to prevent insider threats in your Active Directory?

Related Posts