Dive Brief:
- Researchers are warning that state-linked and financially motivated threat actors may try to exploit a critical zero-day vulnerability in Microsoft Outlook to launch new attacks against unpatched systems.
- Microsoft on Tuesday urged customers to patch their systems against CVE-2023-23397, a critical elevation of privilege vulnerability in Microsoft Outlook for Windows. Microsoft Threat Intelligence warned that a Russia-based threat actor has used it in attacks against targeted victims in several European countries.
- Mandiant researchers warned that other criminal and cyber-espionage actors will race to find new victims vulnerable to the zero-day before organizations can apply patches.
Dive Insight:
The Cybersecurity and Infrastructure Security Agency added the vulnerability to its Known Exploited Vulnerabilities Catalog on Tuesday, urging organizations to follow Microsoft's mitigation steps.
The vulnerability, which has a CVSS score of 9.8, allows an attacker to send a specially crafted email to a targeted victim that causes the victim's Outlook client to connect to an external Universal Naming Convention (UNC) path controlled by the attacker. No user interaction is needed; the connection is made before the message is opened or previewed.
The vulnerability affects all supported versions of Microsoft Outlook for Windows. Services, including Microsoft 365, that do not support NT LAN Manager (NTLM) authentication are not vulnerable to these types of attacks, according to Microsoft.
A Russia-linked threat actor, APT28, has been publicly linked to attacks exploiting the vulnerability, which have targeted key sectors in Ukraine, Turkey, Romania and Poland since April, according to Mandiant.
“This is more evidence that aggressive, disruptive and destructive cyberattacks may not remain constrained to Ukraine and a reminder that we cannot see everything,” John Hultquist, head of Mandiant Intelligence Analysis at Google Cloud, said via email. “While preparation for attacks does not necessarily indicate they are imminent, the geopolitical situation should give us pause.”