ACSC Warns: Critical Outlook Vulnerability Puts Sensitive Data at Risk

ACSC warns of a critical Outlook vulnerability. Prompt patching and mitigation measures urged to protect sensitive data.

The Australian Cyber Security Centre (ACSC) has issued a high alert regarding a critical vulnerability in all versions of Microsoft Outlook for Windows, identified as CVE-2023-23397. This vulnerability could potentially leak sensitive user information if exploited.

ACSC is currently monitoring the situation and stands ready to assist and advise Australian organizations in need. As of now, it is not aware of any successful exploitation attempts against Australian organizations.

The vulnerability, a critical privilege escalation flaw, could allow the user's NTLM hash to be leaked to an untrusted network. As a temporary mitigation measure, ACSC recommends that Australian organizations block outbound SMB traffic on ports 139 and 445.
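One way to check that the outbound SMB block is actually in effect is to review perimeter connection logs for internal-to-external traffic on ports 139 and 445. The script below is an added example, not part of the ACSC advisory; the log format, the sample records and the choice of RFC 1918 ranges as the trusted networks are assumptions.

```python
import ipaddress

SMB_PORTS = {139, 445}  # ports named in the ACSC mitigation

# Assumption: these ranges are "trusted"; replace with the organisation's own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: time,src,dst,dst_port,proto,action
SAMPLE_LOG = """\
2023-03-16T01:02:03Z,10.1.4.22,10.1.0.5,445,tcp,allow
2023-03-16T01:02:09Z,10.1.4.22,203.0.113.50,445,tcp,allow
2023-03-16T01:03:11Z,10.1.7.80,198.51.100.7,139,tcp,deny
2023-03-16T01:04:40Z,10.1.7.80,198.51.100.7,443,tcp,allow
2023-03-16T01:05:02Z,192.168.3.9,203.0.113.50,139,tcp,allow
this line is malformed
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def find_outbound_smb(log_text):
    """Return (allowed, blocked) lists of internal -> external SMB records."""
    allowed, blocked = [], []
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 6:
            continue  # skip malformed lines
        ts, src, dst, port, proto, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # skip unparseable addresses or ports
        if proto.lower() != "tcp" or port not in SMB_PORTS:
            continue
        if not is_internal(src_ip) or is_internal(dst_ip):
            continue  # only internal -> untrusted destinations matter here
        record = (ts, src, dst, port)
        (allowed if action.lower() == "allow" else blocked).append(record)
    return allowed, blocked

if __name__ == "__main__":
    allowed, blocked = find_outbound_smb(SAMPLE_LOG)
    for rec in allowed:
        print("ALLOWED outbound SMB (mitigation gap):", *rec)
    print(f"{len(blocked)} outbound SMB attempt(s) blocked")
```

Any record in the `allowed` list means the egress rule has a gap for that source host.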

Australian organizations are advised to apply the available patch immediately to protect against this vulnerability. ACSC urges all Australian organizations using Microsoft Outlook for Windows to review their patch status and update to the latest version.

For further assistance or advice, Australian organizations can contact ACSC via 1300 CYBER1 (1300 292 371). ACSC continues to monitor the situation and will provide updates as necessary. In the meantime, prompt patching and implementation of recommended mitigation measures are crucial to safeguard against potential threats.