[Security-Discuss] Zero-Day Outlook - What have you seen in the wild vulnerability (CVE-2023-23397) & exploits?

Weeks, Thomas "Tweeks" t.weeks at vt.edu
Fri Mar 17 13:44:58 EST 2023


Anyone been hit by the new MS Outlook super critical vulnerability/exploit? - CVE-2023-23397<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-23397>
Info - https://securityboulevard.com/2023/03/detecting-cve-2023-23397-how-to-identify-exploitation-of-the-latest-microsoft-outlook-vulnerability/

What's it looked like for your org?

One not-often-discussed workaround is that of setting up your Windows clients to block outbound port 445 traffic (scoped for only their LAN) using the Windows Advanced Firewall.
Here's an example of looking outbound ports: https://www.youtube.com/watch?v=fdqMWN2LPzc
(allow outbound 445, but use the "Scope" function to only allow your LAN outbound network range access.. blocking everything else).

That will stop the exploit from completing.

What are you all seeing in the wild?
(I only use Exchange via OWA via Linux.. so I'm good ;)

--
T.Weeks
Thomas "Tweeks" Weeks
Director, Technology Futures and Community Advocacy
Division of Information Technology, Virginia Tech
Cyber Range Engineer, VirginiaCyberRange.org<http://www.virginiacyberrange.org/>
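
One way to script the workaround described in this message, as an added example that is not part of the original post: a Windows Firewall rule that blocks outbound TCP 445 to every IPv4 address outside the LAN. The LAN range `192.168.10.0/24` and the rule name are constructed, and the rule is written as a block because the Windows default outbound action is Allow, under which a scoped allow rule alone restricts nothing.

```powershell
# Added example: block outbound SMB (TCP 445) to every IPv4 address outside the LAN.
# Run elevated. Without -Apply it only prints the scope it would block.
# IPv4 only: IPv6 destinations are not covered by this rule.
param(
    [string]$LanCidr = '192.168.10.0/24',  # constructed sample; use your own LAN range
    [switch]$Apply
)

# Dotted-quad string -> 64-bit integer (avoids unsigned-math surprises in PowerShell).
function ConvertTo-Int64([string]$Ip) {
    $n = [long]0
    foreach ($octet in [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()) {
        $n = $n * 256 + $octet
    }
    $n
}

# 64-bit integer -> dotted-quad string.
function ConvertTo-Ip([long]$N) {
    (3..0 | ForEach-Object { ($N -shr (8 * $_)) -band 255 }) -join '.'
}

# First and last address of the LAN block.
$address, $prefix = $LanCidr -split '/'
$size  = [long][math]::Pow(2, 32 - [int]$prefix)
$ip    = ConvertTo-Int64 $address
$first = $ip - ($ip % $size)
$last  = $first + $size - 1

# Everything below and above the LAN block. Starts at 1.0.0.0 because
# 0.0.0.0/8 is not a valid destination.
$outside = @()
if ($first -gt 16777216)  { $outside += '1.0.0.0-{0}' -f (ConvertTo-Ip ($first - 1)) }
if ($last -lt 4294967295) { $outside += '{0}-255.255.255.255' -f (ConvertTo-Ip ($last + 1)) }

$rule = @{
    DisplayName   = 'Block outbound SMB outside LAN (CVE-2023-23397 workaround)'
    Direction     = 'Outbound'
    Action        = 'Block'
    Protocol      = 'TCP'
    RemotePort    = 445
    RemoteAddress = $outside
    Profile       = 'Any'
}

if ($Apply) { New-NetFirewallRule @rule | Out-Null }
else        { "Would block TCP/445 outbound to: $($outside -join ', ')" }
```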
