After attacks from Russia: Microsoft warns of serious security vulnerabilities in Outlook

Microsoft indirectly announced that all Windows versions of Outlook have a serious vulnerability. The company published its latest updates on Tuesday – like every Tuesday of the month. This time, one of the 80 so-called patches (in English: patches) was intended to close a hole in Outlook.

According to Microsoft’s “KrebsOnSecurity” cybercrime blog, the security update number CVE-2023-23397 is classified as “critical” with a severity rating of 9.8 (the maximum value is 10).

Fancy Bear exploited a vulnerability

According to the company, the vulnerability has been actively exploited. “A Russian-based threat actor used the vulnerability patched in CVE-2023-23397 to launch attacks against a limited number of government, transportation, energy, and military organizations in Europe.”

According to Spiegel.de, the attackers are a hacker group called APT28, which is close to the Russian military intelligence service GRU. It is also known as Strontium, Sednit, Sofacy, and Fancy Bear.

The hackers used the vulnerability from April 2022 to December of the same year to gain access to the mail systems.

How is it attacked?

KrebsOnSecurity cybercrime experts write:

That means: On the other hand, it doesn’t even need to click a link or anything to open a port for the attackers. It is sufficient if the server accepts the message. This is similar “to an attacker who has a valid password and access to a company’s systems,” the blog quotes IT security expert Kevin Breen.

Who is affected?

According to a Microsoft blog post, all Windows versions of Outlook that are still supported by Microsoft are affected by the vulnerability.

Outlook on the web running in the browser and the Outlook apps for Android iOS, macOS and all other services of the Microsoft 365 Office suite are immune because they don’t use the same technology.

Sources

(t-online/dsc)