Call (716) 373-4467
17Mar

Emergency Alert: Outlook Security Flaw

Databranch has been tracking a Microsoft Outlook security flaw, CVE-2023-23397.

The critical Outlook exploit affects both 32 and 64-bit versions of Microsoft 365 Apps for Enterprise. Office 2013, 2016, and 2019.

It is triggered by sending a malicious email (which doesn’t even need to be opened) that lets attackers capture the Net-NTLMv2 hash (challenge response protocols used for authentication in Windows environments) of the recipient and thereby authenticate as the victim.

More information can be found here.

Microsoft has released a patch to address some instances of Outlook.

If you are a managed maintenance client, we are actively working to patch vulnerable instances of Outlook for you. 

You may see the following prompts as your client is updated.  

 

 

Please feel free to reach out to [email protected] with any questions. 

If you are not a managed client and would like to discuss how Databranch can help to proactively manage, monitor, and patch your IT environment, please reach out to Databranch at 716-373-4467 x115 or [email protected].

comments powered by Disqus
Administrative Privileges AI algorithms Annual Security Training Anti-Virus Artificial Intelligence Authenticator App Backup and Recovery Backup Redundancy BCDR breach prevention Breach Prevention Platform Breaches business continuity Business Email Compromise Business Email Compromises Business Phone System Business Software BYOD Call Directory Cisco Cloud Accounts Cloud Infrastructure Cloud Security Cloud Solutions Comprehensive Cybersecurity Compromised Credentials computer support Computer Upgrades Conditional Access Credential Theft Cyber Attacks Cyber Criminals Cyber Defenses Cyber Insurance cyber liability insurance Cyber Risk Management Cyberattacks Cyberinsurance cybersecurity Cybersecurity Awareness month Cybersecurity Breach Cybersecurity Culture Cybersecurity Training Cybersecurity Webinar Dark Web Dark Web Monitoring Data Backup Data Backup and Recovery Data Backup Solution Data Breach Data Breaches Data Governance Data Management Data Privacy Compliance Data Privacy Regulation data protection Data Recovery Data Restoration deepfake Deepfakes Defense in Depth Denial of Service Device Security Disaster Recover Disaster Recovery DNS Filtering doug wilson employee cybersecurity training Endpoint Detection and Response field technician Foundation Security Gift Card Scams Hackers Hosted VoIP i.t. service provider Identity Theft incident response plan Incident Response Planning Insider Threats Internet Explorer Internet of Things Intrusion Detection Intrusion Prevention IoT Devices IT Compliance IT Infrastructure IT Myths IT Partner IT Policies IT Resource IT Security IT Service Provider IT Services Juice Jacking Local Admin local admin privileges Lost Devices M365 malware Managed Clients Managed IT managed service provider managed services Manages Services MFA Microsoft Microsoft 356 Microsoft 365 Copilot Microsoft Office Mobile Devices MSP MSP501 Multi-Factor Authentication Network Monitoring Network Security Network Testing New Computer NIST Framework Offboarding Office 365 Outlook Outsourced IT Password Manager Password Managers Password Protection password security Passwords Patch Management Patches Patching PC Performance Penetration Testing Personal Data phishing Phishing Attacks PII Proactive Monitoring Processor productivity Professional Tune-Up Public WiFi Push-Bombing RAM Ransomware Ransomware Prevention Recovery Time Calculator Remote Monitoring Remote Working repeatbusinesssystems Ring Groups risk assessment Risk Management Risk Tolerance Rock-It VoIP RTO Costs Scammers Scams security Security Assessment Security Awareness Training Security Defaults Security Key Security Scans SLAM Method Smishing SMS Social Engineering Social Media Security Solid-State Drive Sponsored Google Ads SSD stolen credentials Storage Teams technical support scam technology best practices Technology Management Technology Policies Technology Review Threat Detection Threat Identification Threat Modeling Updates virus VoIP Systems VPN Vulnerabilities Vulnerability Assessment Warning Signs Webinar Windows 8.1 Work Computers World Backup Day