PT-2023-1662 · Microsoft · Outlook
Published: 2023-03-14 · Updated: 2025-08-01 · CVE-2023-23397
10 · Critical
Base vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
**Name of the Vulnerable Software and Affected Versions:**
Microsoft Outlook versions prior to February 2023 Patch Tuesday.
**Description:**
A critical privilege escalation vulnerability exists in Microsoft Outlook, identified as CVE-2023-23397. This flaw allows attackers to gain unauthorized access to email accounts and potentially compromise systems without user interaction. The vulnerability enables attackers to execute code remotely by exploiting NTLM authentication processes within Outlook. Exploitation involves sending a specially crafted email, triggering the vulnerability when the email is processed by the Outlook client.
Russian-linked threat actors, including APT28 (also known as Fancy Bear, Forest Blizzard, Pawn Storm, and BlueDelta), have been actively exploiting this vulnerability in targeted attacks against organizations in various sectors, including those in Poland, Ukraine, and the United States. These attacks have been observed since at least April 2022, and exploitation continues. The attacks involve credential theft and potential access to sensitive information. Approximately an estimated number of devices worldwide are potentially affected.
The vulnerability allows attackers to perform NTLM relay attacks, potentially compromising domain credentials. Attackers can exploit this vulnerability by sending a malicious calendar event or task within an email.
**Recommendations:**
Apply the February 2023 Patch Tuesday updates or later to mitigate this vulnerability.
Exploit · Fix · LPE · RCE · Information Disclosure