Microsoft Addresses Critical Outlook Zero-Day Bypass Vulnerability
Microsoft swiftly responded to a security vulnerability this week, addressing a flaw that allowed remote attackers to bypass recent patches targeting a critical zero-day security issue in Outlook. This zero-click bypass, known as CVE-2023-29324, impacts all supported versions of Windows and was brought to light by Akamai security researcher Ben Barnea.Barnea explained, “All Windows versions are affected by the vulnerability. As a result, all Outlook client versions on Windows are exploitable.”
The previously patched Outlook zero-day bug, identified as CVE-2023-23397, is a privilege escalation flaw in the Outlook client for Windows. This flaw enables attackers to illicitly obtain NTLM hashes without user interaction in NTLM-relay attacks. Exploiting the bug involves sending messages with extended MAPI properties containing UNC paths to customized notification sounds, leading the Outlook client to connect to SMB shares under the attackers’ control.
Microsoft tackled the issue by implementing a MapUrlToZone call to ensure that UNC paths do not link to internet URLs. Additionally, they replaced the sounds with default reminders if such links were detected.
Microsoft tackled the issue by implementing a MapUrlToZone call to ensure that UNC paths do not link to internet URLs. Additionally, they replaced the sounds with default reminders if such links were detected.