1SOC Advisory: Information Disclosure Vulnerability CVE-2023-35636 in Microsoft Outlook
A critical security flaw in Microsoft Outlook, identified as CVE-2023-35636, allows threat actors to compromise NT LAN Manager (NTLM) v2 hashed passwords. This vulnerability, now patched, poses a significant risk, particularly in email and web-based attack scenarios. This advisory provides an in-depth analysis of the issue, potential attack vectors, and recommended mitigations.
The vulnerability is rooted in the calendar-sharing function of Microsoft Outlook, enabling the exposure of NTLM v2 hashed passwords during authentication. The flaw was discovered by Varonis security researcher Dolev Taler and addressed by Microsoft in December 2023.
Email Attack Scenario:
Web-Based Attack Scenario:
The vulnerability has been addressed by Microsoft as part of the Patch Tuesday updates for December 2023. Users are strongly advised to apply the latest patches to mitigate the risk of exploitation.
Related Threat Intelligence
Varonis researcher Dolev Taler highlights the use of Windows Performance Analyzer (WPA) and Windows File Explorer as unpatched attack vectors. These methods pose additional risks of NTLM hash leakage and relay attacks.
Given the severity of the Outlook vulnerability, organizations and individuals must prioritize the implementation of patches and adopt proactive security measures. This advisory aims to provide a comprehensive understanding of the threat landscape and assist in safeguarding against potential exploitation of NTLM credentials. Stay vigilant and adhere to best practices for securing email and web-based interactions.
If you have any questions or require further information on any other cybersecurity matters, please don’t hesitate to contact our dedicated team at email@example.com.
If you want to see more about the SOC service we offer, please follow this link https://c1soc.com
To ask a question, go to our support portal, Cyber1 SOC Customer Support