New exploits are a dime-a-dozen in the software world. There are all sorts of clever things that attackers come up with for stealing your information… after all, it is their job. The more clever the exploit, the longer it can take for security researchers to find it. But every once in a while, attackers just find a bug that’s kind of ridiculous, and makes you wonder what Microsoft were thinking. CVE-2023-23397 is one of those bugs. In today’s post, we’ll tell you a little bit about what the threat is, how to fix it, and most importantly, what you may have already done to prevent the exploit from being used against you—that is, if you’ve got multi-factor authentication implemented where it counts: on your network.
A Zero-Touch Exploit
The Outlook security vulnerability in question is most problematic because the person being targeted in the attack doesn’t have to do anything except open Outlook to be on the wrong end of the attack. In more detailed terms: an attacker sends you an email, you receive the email, and Outlook connects you to the attacker’s server thinking that it’s a resource that you need to authenticate to access. Instead of being a shared folder, it’s the attacker’s server, and they simply collect your credentials from you.
These attacks can be very targeted, and even with the best email security practices and filtering, you can’t catch 100% of malicious emails. This exploit is (basically) the highest level of security vulnerability, at 9.8 out of 10, because you don’t even have to open the email; it just has to be sent to you. This is what’s known as a “zero-touch” exploit.
The feature that is being exploited here is pretty silly: apparently you could send an email to someone who uses Outlook (on the desktop) and include your own custom audio file for the notification sound that it makes on the receiver’s computer. While I think it’s a cool idea as a musician, I don’t think it’s very cool to be made to hear a sound by absolutely anyone who can send you an email. It’s just another one of those things that shows how powerful the Office suite is, but also how exploitable its tools can be.
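For defenders, the useful question is whether any message in a mailbox carries a notification sound path that points off your network. The following is an added example, not code from Microsoft or from this post: it assumes another tool has already exported (message ID, reminder sound path) pairs from your mailboxes, and the domain suffix, message IDs and paths are constructed placeholders.

```python
import ipaddress
import re

# Assumption: DNS suffixes your organisation owns (hypothetical value).
INTERNAL_SUFFIXES = (".corp.example.com",)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# \\server\share\file, //server/share/file, or \\?\UNC\server\share\file
UNC_RE = re.compile(r"^(?:\\\\|//)(?:\?\\UNC\\)?([^\\/]+)[\\/]", re.IGNORECASE)

def unc_host(path):
    """Return the server named in a UNC path, or None for a local path."""
    m = UNC_RE.match(path.strip())
    if not m or m.group(1) in ("?", "."):   # \\?\C:\... and \\.\ are local
        return None
    # Drop WebDAV-style decoration (server@SSL@443, server@8080).
    return m.group(1).split("@", 1)[0].lower()

def classify(path):
    """Label a sound path as 'local', 'internal' or 'external'."""
    host = unc_host(path)
    if host is None:
        return "local"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Assumption: single-label names resolve only inside your network.
        if "." not in host or host.endswith(INTERNAL_SUFFIXES):
            return "internal"
        return "external"
    return "internal" if any(ip in net for net in RFC1918) else "external"

def audit(items):
    """items: (message_id, sound_path) pairs; return the ones to investigate."""
    return [(mid, p) for mid, p in items if classify(p) == "external"]

# Constructed sample data, not taken from any real mailbox.
SAMPLE = [
    ("msg-001", r"C:\Windows\Media\chimes.wav"),
    ("msg-002", r"\\fileserver\sounds\ding.wav"),
    ("msg-003", r"\\files.corp.example.com\media\ding.wav"),
    ("msg-004", r"\\203.0.113.7\share\a.wav"),
    ("msg-005", r"\\host.example.net@SSL@443\dav\a.wav"),
    ("msg-006", r"\\10.2.3.4\share\a.wav"),
]

if __name__ == "__main__":
    for mid, path in audit(SAMPLE):
        print(f"REVIEW {mid}: sound file is fetched from {unc_host(path)}")
```

Any message this flags is worth investigating even on a patched machine, because it shows someone tried to make Outlook authenticate to a server you don't control.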
Serious Authentication is a Must
What Outlook is leaking, in this case, is your identity on your own network, or the login and password you use to log into your workstation. This can happen whether your workstation is on premises, or if you use a VPN to connect to your business’s network. Any Windows computer with Outlook installed on it should have run Windows Update to patch the bug this week.
Since what is being leaked out in this attack are network credentials—and trust me, they’ll be targeted in the future—if you have Multi-Factor Authentication (MFA) implemented on your network, an intruder would need more than just a login and password to get into your network. Without it, attacks like this turn your network into a sitting duck. As your MSP, Crown Computers can help tailor an MFA solution that works best for you and helps you know that your users are the only ones able to access your network.
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team