Microsoft has patched a critical Outlook flaw that lets an attacker steal a user's Windows NTLM credentials with a crafted email and no user interaction. Immediate patching is mandatory.
Microsoft has addressed a critical security vulnerability in Outlook for Windows that leaks a user's NTLM credentials to a remote attacker. Tracked as CVE-2023-23397 and classified by Microsoft as an elevation of privilege flaw, it is exploited silently: a specially crafted email triggers automatically when it is retrieved and processed by the Outlook client, before the user opens it or sees it in the Preview Pane, so no user interaction is required beyond delivery of the message.
The crafted message carries an extended MAPI property, PidLidReminderFileParameter, that names the sound file Outlook should play when the item's reminder fires; the attacker sets it to a UNC path on a server they control. When the reminder triggers, Outlook tries to open that path over SMB and the victim's Windows session authenticates to the attacker's server with NTLM. The attacker captures the Net-NTLMv2 response, which can be relayed to other services that accept NTLM or cracked offline, and from there work toward domain compromise. All supported versions of Outlook for Windows are affected, including Microsoft 365 Apps, Office 2013, 2016, 2019, LTSC 2021 and Outlook 2013 RT. Outlook for Android, iOS and macOS and Outlook on the web are not affected because they do not use NTLM authentication.
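Detection logic for the mechanism described above, as an added example (not code from the page and not Microsoft's own audit script): it assumes the caller has already pulled the two MAPI named properties involved, PidLidReminderOverride (PSETID_Common, LID 0x851C) and PidLidReminderFileParameter (PSETID_Common, LID 0x851F), out of each message, and it flags any message whose reminder sound path names a remote host. The message records, their property values and the `remote_host` and `scan` function names are constructed for the example; as an assumption, the check deliberately accepts forward-slash, `\\?\UNC\` and `\\host@80\` spellings of the path as well as the canonical double-backslash form, which is broader than what the paragraph describes.

```python
"""Flag Outlook messages whose reminder sound points at a remote host.

Added example, not Microsoft's audit script and not code from the page.
Assumed input: the two MAPI named properties involved in CVE-2023-23397,
already extracted from each message by the caller (via Exchange, EWS or
an MSG parser) and keyed by (property set GUID, long ID).
"""
import re

# Named-property identifiers from MS-OXORMDR (PSETID_Common).
PSETID_COMMON = "{00062008-0000-0000-C000-000000000046}"
LID_REMINDER_OVERRIDE = 0x851C        # PidLidReminderOverride (boolean)
LID_REMINDER_FILE_PARAMETER = 0x851F  # PidLidReminderFileParameter (string)

# Hosts that never cause an outbound NTLM exchange.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1", "."}

# Matches \\host\share, //host/share, \\?\UNC\host\share and the
# WebDAV spelling \\host@80\share (assumption: accept all spellings
# rather than only the canonical double-backslash form).
_UNC_RE = re.compile(
    r"^[\\/]{2}(?:\?[\\/]UNC[\\/])?([^\\/@]+)(?:@[^\\/]*)?(?:[\\/]|$)",
    re.IGNORECASE,
)


def remote_host(path):
    """Return the host a reminder sound path would be fetched from, or None.

    Drive-letter paths and bare file names (C:\\Windows\\Media\\chimes.wav)
    are local and return None; so do UNC paths that name the local machine.
    """
    if not isinstance(path, str):
        return None
    m = _UNC_RE.match(path.strip())
    if not m:
        return None
    host = m.group(1).lower()
    return None if host in LOCAL_HOSTS else host


def scan(messages):
    """Return one finding per message whose reminder sound is remote.

    Each message is {"id": ..., "subject": ..., "props": {(guid, lid): value}}.
    Outlook only honours the custom sound when PidLidReminderOverride is
    true, so the finding records that flag; a remote path with override
    false is still reported because the property has no legitimate reason
    to point off-host.
    """
    findings = []
    for msg in messages:
        props = msg.get("props", {})
        sound = props.get((PSETID_COMMON, LID_REMINDER_FILE_PARAMETER))
        host = remote_host(sound)
        if host is None:
            continue
        findings.append({
            "id": msg["id"],
            "subject": msg.get("subject", ""),
            "host": host,
            "path": sound,
            "override": bool(props.get((PSETID_COMMON, LID_REMINDER_OVERRIDE), False)),
        })
    return findings


# Constructed sample mailbox; 203.0.113.10 and files.example.net are
# documentation addresses, not real attacker infrastructure.
SAMPLE_MESSAGES = [
    {"id": "msg-0001", "subject": "Quarterly review", "props": {
        (PSETID_COMMON, LID_REMINDER_OVERRIDE): True,
        (PSETID_COMMON, LID_REMINDER_FILE_PARAMETER): r"\\203.0.113.10\share\reminder.wav",
    }},
    {"id": "msg-0002", "subject": "Dentist", "props": {
        (PSETID_COMMON, LID_REMINDER_OVERRIDE): True,
        (PSETID_COMMON, LID_REMINDER_FILE_PARAMETER): r"C:\Windows\Media\chimes.wav",
    }},
    {"id": "msg-0003", "subject": "Standup", "props": {}},
    {"id": "msg-0004", "subject": "Invoice", "props": {
        (PSETID_COMMON, LID_REMINDER_OVERRIDE): False,
        (PSETID_COMMON, LID_REMINDER_FILE_PARAMETER): "//files.example.net@80/dav/x.wav",
    }},
    {"id": "msg-0005", "subject": "Loopback", "props": {
        (PSETID_COMMON, LID_REMINDER_FILE_PARAMETER): r"\\localhost\c$\Windows\Media\tada.wav",
    }},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_MESSAGES):
        print(f"{f['id']}: reminder sound on {f['host']} "
              f"(override={f['override']}) {f['path']}")
```

Run against the constructed mailbox, only msg-0001 and msg-0004 are reported: the drive-letter path and the loopback UNC path never leave the machine, and a message with no reminder properties at all is ignored. In a real audit the `props` dictionaries would come from Exchange, EWS or an MSG parser, and every hit should be treated as an indicator of compromise for the mailbox owner's credentials, not just as spam.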
The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical), vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: the attack is network-based and low complexity, needs no privileges and no user interaction, and successful exploitation compromises confidentiality, integrity and availability.
Mitigation requires immediate installation of the March 2023 security update via Windows Update or the Microsoft Update Catalog. For systems that cannot be patched at once, Microsoft recommends two interim measures: add users, privileged accounts first, to the Active Directory Protected Users security group, which prevents NTLM from being used as an authentication mechanism for those accounts (at the cost of breaking any legitimate application that still needs NTLM for them); and block outbound TCP port 445 (SMB) at perimeter firewalls, in local firewalls and in VPN settings, so Outlook cannot reach an attacker's SMB server. The network block stops the credential leak over SMB even before patching, but it is a stop-gap, not a fix. Microsoft also published a PowerShell script that audits Exchange Online or on-premises mailboxes for messages carrying the malicious reminder property, so exposed organizations can find and remove any that were already delivered. Microsoft's Security Update Guide (https://msrc.microsoft.com/update-guide) provides centralized tracking for this vulnerability.
CERT-UA reported the flaw to Microsoft in early 2023, and Microsoft credits it together with its own threat intelligence teams; the fix shipped on March 14, 2023. The vulnerability had been exploited in targeted attacks before the patch: Microsoft attributes the activity, which it traces back to April 2022, to a Russia-based threat actor targeting a limited number of government, transportation, energy and military organizations in Europe. Organizations must prioritize updating all Outlook clients immediately; every day of delay leaves credentials exposed to a known, already-used exploit.
This vulnerability demonstrates how much damage a single processing path in an email client can do when it reaches out to the network carrying the user's credentials. The March fix was later found to be bypassable (tracked separately as CVE-2023-29324 and addressed in the May 2023 Windows updates), so keeping both Office and Windows current matters. The Microsoft Security Response Center (MSRC) tracks this and any follow-up updates in its Security Update Guide. Regular patch application remains the most effective defense against known exploits.