Hornetsecurity’s users are protected by the Spam and Malware Protection and Advanced Threat Protection services against inbound threats. The attacker can then relay this information to another service and authenticate as the victim, further compromising the system. This results in the leakage of the victim’s Net-NTLMv2 hash, a challenge-response protocol used for authentication in Windows environments.
It triggers a connection from the victim to a location controlled by the attacker. The exploit is initiated by fetching and processing a malicious email by the Outlook client, potentially leading to exploitation even before the email is displayed in the preview pane. Hornetsecurity detects emails that exploit the vulnerability and quarantines them to prevent emails from reaching the victim’s inbox. This malicious email enables the attacker to gain unauthorized access to the recipient’s credentials. The vulnerability, identified as CVE-2023-23397 with a CVSS score of 9.8, permits a remote, unauthorized attacker to compromise systems simply by transmitting a specifically crafted email. HKEY_CURRENT_USER\Software\Microsoft\Office\15.A severe security vulnerability has been discovered in Microsoft Outlook, which is currently being exploited by cybercriminals.
HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Identity HKEY_CURRENT_USER\Software\Microsoft\Exchange Reg add HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Identity /v "Version" /t REG_DWORD /d 1 /f Reg add HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Identity /v "EnableADAL" /t REG_DWORD /d 1 /f To enable the feature, either open an elevated CMD and paste these commands in or add the entries manually via Registry Editor.ĬMD: reg add HKEY_CURRENT_USER\Software\Microsoft\Exchange /v "AlwaysUseMSOAuthForAutoDiscover" /t REG_DWORD /d 1 /f You should update to a newer and supported version soon, as things might stop working without notice. While this procedure will allow you (for now) to connect to Office 365, it is critical to remember that connection to Office 365 and Exchange Online via Office 2013 is not supported anymore. This process will activate the Modern Authentication workflow for all the apps included in Office 2013 (Outlook 2013, Excel 2013, Word 2013, OneNote, etc.), not just Outlook. Modern authentication is already enabled by default in Office 2016 and later versions. This is quickly done by adding some registry keys. Since Microsoft will soon start to turn off Basic Authentication for Exchange Online, you’ll have to enable Modern Authentication client-side if you still have some machines running Outlook 2013 and want them to connect to Office 365.
0 kommentar(er)
