<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof ContentPasted1 ContentPasted2">
Anyone been hit by the new MS Outlook super critical vulnerability/exploit? - <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-23397" title="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-23397" data-loopstyle="link" id="LPlnk850888">CVE-2023-23397</a><br>
Info - <a href="https://securityboulevard.com/2023/03/detecting-cve-2023-23397-how-to-identify-exploitation-of-the-latest-microsoft-outlook-vulnerability/" id="LPNoLPOWALinkPreview">https://securityboulevard.com/2023/03/detecting-cve-2023-23397-how-to-identify-exploitation-of-the-latest-microsoft-outlook-vulnerability/</a>
<br>
What's it looked like for your org?<br>
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;">One not-often-discussed workaround is that of setting up your Windows clients to block outbound port 445 traffic (scoped for only their LAN) using the Windows Advanced Firewall.
<br>
Here's an example of locking outbound ports: </span><a href="https://www.youtube.com/watch?v=fdqMWN2LPzc" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-safelink="true" data-linkindex="4" class="ContentPasted0" style="font-size: 14px; font-family: 'Noto Sans', Arial, sans-serif;">https://www.youtube.com/watch?v=fdqMWN2LPzc</a><br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof">
<span style="font-family: 'Noto Sans', Arial, sans-serif; font-size: 14px; color: rgb(28, 28, 28); background-color: rgb(255, 255, 255); display: inline !important;" class="ContentPasted0">(allow outbound 445, but use the "Scope" function to only allow your
LAN outbound network range access.. blocking everything else).</span></div>
<div class="elementToProof">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
That will stop the exploit from completing.<br>
<br>
What are you all seeing in the wild?<br>
(I only use Exchange via OWA via Linux.. so I'm good ;)<br>
<br>
</div>
<div id="Signature">
<div>
<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">
<span style="font-family:Consolas,Courier,monospace">-- </span></div>
<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">
<b><span style="font-family:Consolas,Courier,monospace">T.Weeks</span><br>
</b></div>
<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">
<b><span style="font-family:Consolas,Courier,monospace">Thomas "Tweeks" Weeks</span><br>
</b></div>
<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">
<b><span style="font-family: Consolas, Courier, monospace; color: black;">Director, Technology Futures and Community Advocacy</span></b></div>
<div name="divtagdefaultwrapper" style="margin:0px"><b style=""><span style="color: black;"><font face="Consolas, Courier, monospace"></font></span><span style="font-family: Consolas, Courier, monospace; color: black;">Division of Information Technology,</span><font color="#000000" style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: inherit; font-style: inherit; font-variant-ligatures: inherit; font-variant-caps: inherit;"><span style="font-family:Consolas,Courier,monospace"> Virginia
Tech</span><br>
</font></b></div>
<div name="divtagdefaultwrapper" style="margin:0px"><b style=""><font color="#000000" style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: inherit; font-style: inherit; font-variant-ligatures: inherit; font-variant-caps: inherit;"></font><span style="font-family:Consolas,Courier,monospace"><b style="font-size: 14px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);"><span style="margin: 0px; color: black;"><font face="Consolas, Courier, monospace">Cyber
Range Engineer, <a href="http://www.virginiacyberrange.org/" style="margin:0px" data-loopstyle="link">VirginiaCyberRange.org</a> <br>
</font></span></b></span></b></div>
<div name="divtagdefaultwrapper" style="margin:0px"><b style=""><span style="font-family:Calibri,Arial,Helvetica,sans-serif"><br>
</span></b></div>
</div>
</div>
</div>
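<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Added example of the scoped outbound-445 rule described in the post above, written here as an illustration and not taken from the post or from the author's own configuration. It uses the NetSecurity module's New-NetFirewallRule cmdlets; the LAN range 10.10.0.0/16 and the rule display names are placeholders, and it must run in an elevated PowerShell session.
</div>

```powershell
# Added example, not from the original post. Scopes outbound SMB (TCP 445) on a
# Windows client so it is allowed only to the LAN and blocked to every other
# IPv4 destination. LAN range below is a placeholder; run as Administrator.
$LanCidr = '10.10.0.0/16'

# IPv4 dotted-quad <-> unsigned 32-bit integer helpers.
function ConvertTo-UInt32 ([string]$Ip) {
    $b = ([ipaddress]$Ip).GetAddressBytes()          # big-endian bytes
    [uint32](([uint32]$b[0] -shl 24) -bor ([uint32]$b[1] -shl 16) -bor
             ([uint32]$b[2] -shl 8)  -bor [uint32]$b[3])
}
function ConvertFrom-UInt32 ([uint32]$N) {
    '{0}.{1}.{2}.{3}' -f (($N -shr 24) -band 255), (($N -shr 16) -band 255),
                         (($N -shr 8) -band 255), ($N -band 255)
}

# Returns the IPv4 address ranges that lie OUTSIDE the given CIDR, in the
# "start-end" form Windows Firewall accepts for a rule's remote-address scope.
function Get-OutsideRanges ([string]$Cidr) {
    $net, $bits = $Cidr.Split('/')
    if ([int]$bits -lt 1 -or [int]$bits -gt 32) { throw "Unsupported prefix length: $bits" }
    $mask  = [uint32]::MaxValue -shl (32 - [int]$bits)
    $start = (ConvertTo-UInt32 $net) -band $mask
    $end   = $start -bor (-bnot $mask)
    $ranges = @()
    # 0.0.0.0/8 is not a routable destination, so the lower range starts at 1.0.0.0.
    if ($start -gt (ConvertTo-UInt32 '1.0.0.0')) { $ranges += '1.0.0.0-' + (ConvertFrom-UInt32 ($start - 1)) }
    if ($end -lt [uint32]::MaxValue) { $ranges += (ConvertFrom-UInt32 ($end + 1)) + '-255.255.255.255' }
    return $ranges
}

$Outside = Get-OutsideRanges $LanCidr    # e.g. 1.0.0.0-10.9.255.255, 10.11.0.0-255.255.255.255

# Block rules win over allow rules in Windows Firewall, so the block itself must be
# scoped to the non-LAN ranges; a block to "Any" would cut off LAN file shares too.
New-NetFirewallRule -DisplayName 'SMB out - block non-LAN' -Direction Outbound `
    -Protocol TCP -RemotePort 445 -RemoteAddress $Outside -Action Block -Profile Any

# Explicit allow to the LAN. Outbound is allowed by default, so this mainly records
# intent and keeps SMB working if the profile's default outbound action is later set to Block.
New-NetFirewallRule -DisplayName 'SMB out - allow LAN' -Direction Outbound `
    -Protocol TCP -RemotePort 445 -RemoteAddress $LanCidr -Action Allow -Profile Any

# Verify the remote-address scope that was actually applied to both rules.
Get-NetFirewallRule -DisplayName 'SMB out - *' | Get-NetFirewallAddressFilter |
    Select-Object -Property RemoteAddress
```

The same scoping can be set by hand in the "Windows Defender Firewall with Advanced Security" console under the rule's Scope tab, which is what the post refers to; the script just makes the ranges explicit and repeatable.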
</body>
</html>