Information – Microsoft Critical Privilege Escalation Vulnerability – CVE-2023-23397

15/03/2023 15:30:00 PM (GMT)

Microsoft have released security updates for a critical zero-day vulnerability in Outlook, Office, and Microsoft 365 Apps for Enterprise, tracked as CVE-2023-23397. Microsoft have reported that they are aware of targeted exploitation of this privilege escalation vulnerability, which could potentially allow a malicious actor (or actors) to undertake credential theft. Investigations have confirmed that the NHSmail platform, which does not utilise NTLM as an authentication method, is not impacted by this vulnerability.

NHS Organisations are strongly encouraged to engage with their Local I.T. provider to determine if any further action is required elsewhere to mitigate this vulnerability. Please ensure that you apply any available updates issued by Microsoft on your workstation and follow the relevant guidance as it is issued.

Further information is available here: Critical Privilege Escalation Vulnerability in Microsoft Outlook for Windows – NHS Digital

If you require additional help and support, the NHSmail helpdesk is available 24 hours a day, 7 days a week on 0333 200 1133 or by emailing helpdesk@nhs.net.
