Government’s Cybersecurity Plenipotentiary Announces Security Concern in Mail Utility | Briefing from Warsaw

The Government Plenipotentiary for Cybersecurity issued a special announcement about a security gap in a popular e-mail tool. Take care of your online safety.

Vulnerabilities, i.e. errors and security gaps, also occur in commonly used products of large suppliers. Microsoft has published information about a critical (i.e. easy to exploit and wide-ranging) vulnerability in the Outlook application on Windows. It can lead to remote takeover of the account without any action by the user.

The vulnerability has been actively exploited in attacks by one of the groups affiliated with the Russian government since April 2022, including in Poland.
We recommend immediate action by administrators of all organizations whose users access e-mail through the Microsoft Outlook client.

How does it work?
The vulnerability allows an attacker to take control of a user’s account in two ways. The first method makes it possible to recover the user’s password through a dictionary attack, that is, one that uses trial and error to discover login details. Such an attack is easier when the password is short, because the number of combinations to check is then simply smaller. The second method lets the attacker use the user’s session directly to sign in to other services in the organization.

For the attack to succeed, it is enough for the victim to receive a suitably prepared e-mail message. No user action is required, and the attack can be carried out remotely. The obtained domain password can be used to log in to other publicly available company services. If two-factor authentication is not used, this can lead to an attacker gaining access to the corporate network.

How to defend yourself?
All versions of Microsoft Outlook for the Windows platform are vulnerable. Versions for Android, iOS or macOS platforms are not affected. Cloud services such as Microsoft 365 are also not vulnerable.

The first step that administrators should take is to update the application in accordance with the guidelines on the dedicated page:

We also recommend that you read the recommendations prepared by the CERT Polska team, available here: Actively exploited critical vulnerability in Microsoft Outlook (CVE-2023-23397) | CERT Polska

It is also worth recalling that strong passwords make it significantly harder for cybercriminals to exploit the vulnerability. You can read about how to create such passwords here: Passwords | CERT Polska. Another important recommendation is to use two-factor authentication, in particular for services exposed to the Internet.

How can organizations check their security?
Microsoft has released a tool that allows organizations to check whether their users have received messages that allow exploitation of the vulnerability. It is available to administrators here:

If attempts to exploit the vulnerability are detected, it will be necessary to start the incident handling procedure and contact the appropriate CSIRT.