Information – Microsoft Critical Privilege Escalation Vulnerability – CVE-2023-23397
15/03/2023 15:30:00 PM
Microsoft have released security updates for a critical zero-day vulnerability in Outlook, Office, and Microsoft 365 Apps for Enterprise known as CVE-2023-23397. Microsoft have reported knowledge of targeted exploitation of this privilege escalation vulnerability that could potentially allow a malicious actor (or actors) to undertake credential theft. Investigations have confirmed that the NHSmail platform, which does not utilise NTLM as an authentication method, is not impacted by this vulnerability.