Microsoft has some great tips to help you spot Outlook security flaws

Microsoft has released a new guide to help users determine whether or not a threat actor tried to steal sensitive data by exploiting a rece...

Microsoft has released a new guide to help users determine whether or not a threat actor tried to steal sensitive data by exploiting a recently patched zero-day vulnerability found in its Outlook email client.

The vulnerability is tracked as CVE-2023-23397, and it’s described as a privilege escalation security flaw on Windows, allowing threat actors to steal NTLM hashes without the victim interacting on their side of the endpoint. The attack is called NTLM-relay zero-click attack.

Tarlogic describes NTLM hashes as “cryptogrpahic formats” in which Windows stores user passwords. These hashes are stored in the Security Account Manager (SAM), or NTDS file of a domain controller. “They are a fundamental part of the mechanism used to authenticate a user through different communications protocols,” it says.

Multiple signs of exploitation

To leverage the flaw and steal these hashes, a threat actor can send a specially crafted message with extended MAPI properties. These will contain UNC paths (Universal naming convention paths, used to access network resources) to attacker-controlled Server Message Block (SMB) shares. 

Now, back to what Microsoft did - the Redmond software giant claims there are multiple signs of exploitation that IT teams can analyze: telemetry data from firewalls, proxies, VPN tools, RDP Gateway logs, Azure Active Directory sign-in logs for Exchange Online users, or IIS Logs for Exchange Server. 

They can also look for data like Windows event logs, or telemetry data from endpoint detection and response solutions. Threat actors will often target Exchange EWS/OWA users, and look to change mailbox folder permissions to grant themselves persistent access, which is also what IT teams can look for, Microsoft concluded. 

"To address this vulnerability, you must install the Outlook security update, regardless of where your mail is hosted (e.g., Exchange Online, Exchange Server, some other platform) or your organization’s support for NTLM authentication," the Microsoft Incident Response team said.

Finally, the company also released a script that helps admins automate the process and determine if any Exchange users were compromised. 

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/LOxQ9Dp
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,183,Video,5,XIAOMI,13,YouTube - 9to5Google,182,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Microsoft has some great tips to help you spot Outlook security flaws
Microsoft has some great tips to help you spot Outlook security flaws
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2023/03/microsoft-has-some-great-tips-to-help.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2023/03/microsoft-has-some-great-tips-to-help.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy