top of page

Security advisory: Microsoft Outlook privilege escalation vulnerability


Microsoft has released a patch for an Outlook vulnerability which allows an attacker to change Outlook mailbox folder permissions, allowing for email exfiltration for specific accounts BEFORE the email is viewed in the preview pane.


Microsoft has patched an Outlook zero-day vulnerability (CVE-2023-23397) which allows for a NTLM Relay attack against another service to authenticate as the user. This vulnerability is known to have been exploited by a hacking group linked to Russia’s military intelligence service, GRU, to target European organisations.

CVE-2023-23397 was found to allow a threat actor to harvest NTLMv2 hashes via a specially crafted Outlook appointment. According to Microsoft, attackers could exploit this vulnerability by sending an email that “triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.”

Affected Products

This flaw affects all Microsoft Outlook versions for Windows. It does not affect Mac, iOS, Android, or web versions of Outlook.

Risk/severity assessment

Overall risk assessment: Critical

CVE details: CVE-2023-23397

Current exploitability: High

Current distribution: Low to medium

Risk Type/Severity Level

Comand & control: Low

Disruption of service: High

Loss/theft of data: High

Threat Assessment

Attack vector: Network

Attack complexity: Low

Privileges required: None

User interaction: None

Detection potential: Low

Mitigation potential: High

Remediation potential: High

Response effort required: Low

Recommendations Crossword recommends immediately implementing the patch offered by Microsoft. Full information here:

For further information or advice, contact us.


bottom of page