Researchers published a proof of concept for a critical privilege escalation vulnerability in Microsoft Outlook, CVE-2023-23397. The zero-day fixed the other day with a rating of 9.8 has been used in attacks at least since April 2022. And it allows you to steal NTLM credentials by simply sending an email to the victim. The exploit is enough for Outlook to be open and the reminder of the letter to be triggered in the system. Accordingly, the user is not involved in the attack.
The exploit sends the attacker hashed NTLM data, which can later be used in relay attacks1. At the same time, it involves a pair of elementary parameters, which was discovered after analyzing the Microsoft script released. So the number of attacks under this vulnerability will now quickly go up. Read more at the link and don’t forget to roll out patches.