Call (716) 373-4467
17Mar

Emergency Alert: Outlook Security Flaw

Databranch has been tracking a Microsoft Outlook security flaw, CVE-2023-23397.

The critical Outlook exploit affects both 32 and 64-bit versions of Microsoft 365 Apps for Enterprise. Office 2013, 2016, and 2019.

It is triggered by sending a malicious email (which doesn’t even need to be opened) that lets attackers capture the Net-NTLMv2 hash (challenge response protocols used for authentication in Windows environments) of the recipient and thereby authenticate as the victim.

More information can be found here.

Microsoft has released a patch to address some instances of Outlook.

If you are a managed maintenance client, we are actively working to patch vulnerable instances of Outlook for you. 

You may see the following prompts as your client is updated.  

 

 

Please feel free to reach out to support@databranch.com with any questions. 

If you are not a managed client and would like to discuss how Databranch can help to proactively manage, monitor, and patch your IT environment, please reach out to Databranch at 716-373-4467 x115 or info@databranch.com.

Back to view all blog posts

Comments
comments powered by Disqus
Administrative Privileges Annual Security Training Anti-Virus Authenticator App Backup and Recovery Breaches business continuity Business Email Compromise Business Phone System BYOD Call Directory Cisco Cloud Infrastructure Cloud Security Cloud Solutions Compromised Credentials computer support Computer Upgrades Conditional Access Cyber Attacks Cyber Criminals Cyber Insurance Cyberattacks cybersecurity Cybersecurity Breach Cybersecurity Training Dark Web Monitoring Data Backup Data Backup Solution Data Breach Data Breaches data protection Data Recovery Device Security Disaster Recovery DNS Filtering doug wilson field technician Foundation Security Gift Card Scams Hackers Hosted VoIP i.t. service provider Internet Explorer IT Compliance IT Policies IT Security IT Services Juice Jacking Local Admin local admin privileges Lost Devices malware managed service provider managed services MFA Microsoft Microsoft 356 Microsoft Office Mobile Devices MSP MSP501 Multi-Factor Authentication New Computer Offboarding Office 365 Outlook Password Manager Password Managers Password Protection password security Passwords Patches Patching PC Performance Penetration Testing Personal Data phishing Phishing Attacks PII Proactive Monitoring Processor productivity Professional Tune-Up Public WiFi RAM Ransomware repeatbusinesssystems Ring Groups Rock-It VoIP RTO Costs Scammers Scams security Security Assessment Security Awareness Training Security Defaults Security Key SLAM Method Smishing SMS Social Media Security Solid-State Drive SSD stolen credentials Storage Teams technology best practices Technology Policies Technology Review Updates virus VoIP Systems VPN Vulnerabilities Vulnerability Assessment Warning Signs Work Computers World Backup Day