<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>

</head>

<body dir="ltr">

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof ContentPasted1 ContentPasted2">

Anyone been hit by the new MS Outlook super critical vulnerability/exploit? - <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-23397" title="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-23397" data-loopstyle="link" id="LPlnk850888">CVE-2023-23397</a><br>

Info - <a href="https://securityboulevard.com/2023/03/detecting-cve-2023-23397-how-to-identify-exploitation-of-the-latest-microsoft-outlook-vulnerability/" id="LPNoLPOWALinkPreview">https://securityboulevard.com/2023/03/detecting-cve-2023-23397-how-to-identify-exploitation-of-the-latest-microsoft-outlook-vulnerability/</a>

<div class="_Entity _EType_OWALinkPreview _EId_OWALinkPreview _EReadonly_1"></div>

<br>

What's it looked like for your org?<br>

<br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof">

<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;">One not-often discussed work around is that of setting up your Windows clients to block outbound port 445 traffic (scoped for only their LAN) using the Windows Advanced Firewall.

<br>

Here's an example of looking outbound ports: </span><a href="https://www.youtube.com/watch?v=fdqMWN2LPzc" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-safelink="true" data-linkindex="4" class="ContentPasted0" style="font-size: 14px; font-family: "Noto Sans", Arial, sans-serif;">https://www.youtube.com/watch?v=fdqMWN2LPzc</a><span class="ContentPasted0" style="font-family: "Noto Sans", Arial, sans-serif; font-size: 14px; color: rgb(28, 28, 28); display: inline !important; background-color: rgb(255, 255, 255);"> </span><br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof">

<span style="font-family: "Noto Sans", Arial, sans-serif; font-size: 14px; color: rgb(28, 28, 28); background-color: rgb(255, 255, 255); display: inline !important;" class="ContentPasted0">(allow outbound 445, but use the "Scope" function to only allow your

 LAN outbound network range access.. blocking everything else).</span></div>

<div class="elementToProof">

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

That will stop the exploit from completing.<br>

<br>

What are you all seeing in the wild?<br>

(I only use Exchange via OWA via Linux.. so I'm  good ;)<br>

<br>

</div>

<div id="Signature">

<div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

</div>

<div></div>

<div></div>

<div></div>

<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">

<span style="font-family:Consolas,Courier,monospace">-- </span></div>

<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">

<b><span style="font-family:Consolas,Courier,monospace">T.Weeks</span><br>

</b></div>

<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">

<b><span style="font-family:Consolas,Courier,monospace">Thomas "Tweeks" Weeks</span><br>

</b></div>

<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">

<b><span style="font-family: Consolas, Courier, monospace; color: black;">Director, Technology Futures and Community Advocacy</span></b></div>

<div name="divtagdefaultwrapper" style="margin:0px"><b style=""><span style="color: black;"><font face="Consolas, Courier, monospace"></font></span><span style="font-family: Consolas, Courier, monospace; color: black;">Division of Information Technology,</span><font color="#000000" style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: inherit; font-style: inherit; font-variant-ligatures: inherit; font-variant-caps: inherit;"><span style="font-family:Consolas,Courier,monospace"> Virginia

 Tech</span><br>

</font></b></div>

<div name="divtagdefaultwrapper" style="margin:0px"><b style=""><font color="#000000" style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: inherit; font-style: inherit; font-variant-ligatures: inherit; font-variant-caps: inherit;"></font><span style="font-family:Consolas,Courier,monospace"><b style="font-size: 14px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);"><span style="margin: 0px; color: black;"><font face="Consolas, Courier, monospace">Cyber

 Range Engineer, <a href="http://www.virginiacyberrange.org/" style="margin:0px" data-loopstyle="link">VirginiaCyberRange.org</a>    <br>

</font></span></b></span></b></div>

<div name="divtagdefaultwrapper" style="margin:0px"><b style=""><span style="font-family:Calibri,Arial,Helvetica,sans-serif"><br>

</span></b></div>

</div>

</div>

</div>

</body>

</html>