CVE-2023-35636

Name of the Vulnerable Software and Affected Versions Microsoft Outlook (affected versions not specified)

Description The issue is related to the calendar sharing function in Microsoft Outlook, which can be exploited to access NT LAN Manager (NTLM) v2 hashed passwords. Attackers can steal NTLM password hashes via calendar invites by adding two headers to an email. This exploit enables attackers to intercept NTLM v2 hashes, which are used for authentication in Microsoft Windows systems. The estimated number of potentially affected devices worldwide is around 910,000 services, mainly distributed in Germany, the United States, and other countries.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.