Call (716) 373-4467
17Mar

Emergency Alert: Outlook Security Flaw

Databranch has been tracking a Microsoft Outlook security flaw, CVE-2023-23397.

The critical Outlook exploit affects both 32 and 64-bit versions of Microsoft 365 Apps for Enterprise. Office 2013, 2016, and 2019.

It is triggered by sending a malicious email (which doesn’t even need to be opened) that lets attackers capture the Net-NTLMv2 hash (challenge response protocols used for authentication in Windows environments) of the recipient and thereby authenticate as the victim.

More information can be found here.

Microsoft has released a patch to address some instances of Outlook.

If you are a managed maintenance client, we are actively working to patch vulnerable instances of Outlook for you. 

You may see the following prompts as your client is updated.  

 

 

Please feel free to reach out to support@databranch.com with any questions. 

If you are not a managed client and would like to discuss how Databranch can help to proactively manage, monitor, and patch your IT environment, please reach out to Databranch at 716-373-4467 x115 or info@databranch.com.

comments powered by Disqus
Administrative Privileges Annual Security Training Anti-Virus Authenticator App Backup and Recovery Backup Redundancy Breach Prevention Platform Breaches business continuity Business Email Compromise Business Phone System Business Software BYOD Call Directory Cisco Cloud Accounts Cloud Infrastructure Cloud Security Cloud Solutions Compromised Credentials computer support Computer Upgrades Conditional Access Credential Theft Cyber Attacks Cyber Criminals Cyber Insurance Cyberattacks cybersecurity Cybersecurity Breach Cybersecurity Culture Cybersecurity Training Dark Web Dark Web Monitoring Data Backup Data Backup Solution Data Breach Data Breaches Data Privacy Compliance Data Privacy Regulation data protection Data Recovery Device Security Disaster Recovery DNS Filtering doug wilson employee cybersecurity training field technician Foundation Security Gift Card Scams Hackers Hosted VoIP i.t. service provider Identity Theft Insider Threats Internet Explorer IoT Devices IT Compliance IT Infrastructure IT Myths IT Partner IT Policies IT Resource IT Security IT Service Provider IT Services Juice Jacking Local Admin local admin privileges Lost Devices M365 malware Managed IT managed service provider managed services Manages Services MFA Microsoft Microsoft 356 Microsoft 365 Copilot Microsoft Office Mobile Devices MSP MSP501 Multi-Factor Authentication Network Security New Computer Offboarding Office 365 Outlook Outsourced IT Password Manager Password Managers Password Protection password security Passwords Patch Management Patches Patching PC Performance Penetration Testing Personal Data phishing Phishing Attacks PII Proactive Monitoring Processor productivity Professional Tune-Up Public WiFi Push-Bombing RAM Ransomware Ransomware Prevention Recovery Time Calculator Remote Monitoring Remote Working repeatbusinesssystems Ring Groups risk assessment Risk Management Rock-It VoIP RTO Costs Scammers Scams security Security Assessment Security Awareness Training Security Defaults Security Key SLAM Method Smishing SMS Social Engineering Social Media Security Solid-State Drive Sponsored Google Ads SSD stolen credentials Storage Teams technical support scam technology best practices Technology Management Technology Policies Technology Review Threat Detection Threat Identification Threat Modeling Updates virus VoIP Systems VPN Vulnerabilities Vulnerability Assessment Warning Signs Windows 8.1 Work Computers World Backup Day