The Latest ‘Critical’ Microsoft Outlook Vulnerability: 5 Things To Know
Security researchers say the vulnerability is unusually dangerous and should be prioritized for patching.
It’s Being Actively Exploited
The Outlook vulnerability is also being seen as problematic because it’s already been exploited by attackers. The flaw, in fact, was discovered and reported to Microsoft by the Ukraine Computer Emergency Response Team (CERT-UA). In a post, Microsoft said that its threat intelligence unit “assesses that a Russia-based threat actor used the exploit patched in CVE-2023-23397 in targeted attacks against a limited number of organizations in government, transportation, energy, and military sectors in Europe.”
In a post Friday, researchers from Deep Instinct reported that it has “found additional samples exploiting this vulnerability including the potential attack that was reported by CERT-UA.”
“The attacks on Romania, Poland, and Ukraine [leveraging the flaw] align with Russian interests, while the attacks on Jordan and Turkey might be related to a different threat actor,” Deep Instinct researchers said in the post.