#msoutlook #cve #patchtuesday #march2023 #vulnerability
Countermeasures
The following mitigating factors may be helpful in your situation:
Add users to the Protected Users security group, which prevents the use of NTLM as an authentication mechanism. This measure makes troubleshooting easier than other methods of disabling NTLM.
Consider using it for important accounts such as domain administrators whenever possible. Please note: This may impact applications that require NTLM, but the settings will be restored once the user is removed from the Protected Users group. For more information, see Protected Users security group.
Block outgoing TCP 445/SMB traffic from your network using a perimeter firewall, a local firewall, and through your VPN settings. This will prevent NTLM authentication messages from being sent to remote file shares.
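One way to check that the SMB egress block is holding, as an added example that is not part of the original page: the script scans a Windows Firewall log (pfirewall.log layout) for outbound TCP 445 connections to addresses outside the internal ranges. The log lines are constructed samples, and the internal ranges and function names are assumptions to adjust for your network.

```python
import ipaddress

# Assumption: these ranges are "internal" for this network; adjust as needed.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample lines in the Windows Firewall log field layout.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2023-03-15 09:12:01 ALLOW TCP 10.0.4.17 10.0.1.5 49812 445 0 - 0 0 0 - - - SEND
2023-03-15 09:12:44 ALLOW TCP 10.0.4.17 203.0.113.50 49820 445 0 - 0 0 0 - - - SEND
2023-03-15 09:13:02 DROP TCP 10.0.4.22 198.51.100.7 50111 445 0 - 0 0 0 - - - SEND
2023-03-15 09:13:30 ALLOW TCP 10.0.4.17 203.0.113.50 49833 443 0 - 0 0 0 - - - SEND
2023-03-15 09:14:10 ALLOW TCP 203.0.113.9 10.0.4.17 51000 445 0 - 0 0 0 - - - RECEIVE
"""

def is_internal(addr):
    """True if addr parses as an IP inside one of INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable destinations are treated as external
    return any(ip in net for net in INTERNAL_NETS)

def external_smb_events(log_text):
    """Return (allowed, blocked) outbound TCP/445 events to external hosts."""
    fields, allowed, blocked = [], [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the header
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("protocol") != "TCP" or rec.get("dst-port") != "445":
            continue
        if rec.get("path") != "SEND" or is_internal(rec.get("dst-ip", "")):
            continue  # only outbound traffic leaving the internal ranges
        event = (rec["date"], rec["time"], rec["src-ip"], rec["dst-ip"])
        (allowed if rec.get("action") == "ALLOW" else blocked).append(event)
    return allowed, blocked

if __name__ == "__main__":
    allowed, blocked = external_smb_events(SAMPLE_LOG)
    for ev in allowed:
        print("ALLOWED external SMB (block not effective):", *ev)
    print(f"{len(blocked)} external SMB attempt(s) dropped by the firewall")
```

Any entry in the allowed list means a host could still reach an external file share over SMB; entries in the blocked list show the rule working and identify hosts worth a closer look.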
Details
An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash, which could be used as the basis for an NTLM relay attack on another service to authenticate as that user.
Is the preview pane an attack vector for this vulnerability?
The attacker could exploit this vulnerability by sending a specially crafted email that triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is displayed in the preview pane.
How do attackers exploit this vulnerability?
External attackers could send specially crafted emails that cause the victim's machine to connect to an external UNC location under the attackers' control. This leaks the victim's Net-NTLMv2 hash to the attacker, who can then relay it to another service and authenticate as the victim.