We want to inform you of a critical security issue affecting Microsoft Outlook/365 applications.

This vulnerability, known as CVE-2023-23397, is being exploited by cybercriminals and requires immediate attention. In simple terms, attackers can gain unauthorized access to your systems and steal sensitive information just by sending a specially crafted email.

The concerning part is that you don't even need to open the email for the attack to take place. It happens automatically when the email is processed by your Outlook application. This affects nearly every version of Outlook, Microsoft’s incredibly popular email client, as well as different versions of Microsoft 365 Apps for Enterprise and Office 2013, 2016, and 2019.

At least 15 European organizations in the government, military, energy, and transportation sectors have been targeted in attacks attributed to Russian military intelligence. A private threat analytics report indicates that the state-sponsored Russian hacking group STRONTIUM has exploited this vulnerability to gain access to victims' networks.

Our team is working diligently to apply the necessary security patches and implement recommended safeguards to protect systems we manage. Microsoft has provided measures to help mitigate the risk, and we are taking every necessary step to ensure your data remains secure.

Please do not hesitate to reach out if you would like to discuss the risks and remediations we plan to implement moving forward.

If you don’t have a provider managing your system, please don’t hesitate to contact us to discuss how to patch this issue.

Urgent Security Alert: Microsoft 365 Apps Vulnerability

This is the list of affected software:

  • Microsoft Outlook 2016 (64-bit edition)
  • Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
  • Microsoft Outlook 2013 RT Service Pack 1
  • Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
  • Microsoft Office 2019 for 32-bit editions
  • Microsoft 365 Apps for Enterprise for 32-bit Systems
  • Microsoft Office 2019 for 64-bit editions
  • Microsoft 365 Apps for Enterprise for 64-bit Systems
  • Microsoft Office LTSC 2021 for 64-bit editions
  • Microsoft Outlook 2016 (32-bit edition)
  • Microsoft Office LTSC 2021 for 32-bit editions