← ExploitWatch
HomeExploited Vulnerabilities

CVE-2023-23397 — Actively Exploited: Office (Microsoft)

Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.

CVE IDCVE-2023-23397
VendorMicrosoft
ProductOffice
Vulnerability nameMicrosoft Office Outlook Privilege Escalation Vulnerability
Date added2023-03-14
Remediation due2023-04-04
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionMicrosoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →