
CVE-2023-23397 - Microsoft Outlook EoP


This pack handles the Microsoft Outlook EoP vulnerability CVE-2023-23397.

This pack is part of the Rapid Breach Response pack.

CVE-2023-23397 - Critical Elevation of Privilege vulnerability in Microsoft Outlook

Summary

Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for New Technology LAN Manager (NTLM) credential theft. Microsoft has released CVE-2023-23397 to address the critical elevation of privilege (EoP) vulnerability affecting Microsoft Outlook for Windows.

The playbook includes the following tasks:

Hunting:

  • Microsoft PowerShell hunting script
  • Advanced SIEM hunting queries
  • Indicators hunting

Mitigations:

  • Microsoft official CVE-2023-23397 patch
  • Microsoft workarounds
  • Detection Rules
    • Yara

References:

Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
CVE-2023-23397 Audit & Eradication Script
Neo23x0 Yara Rules

PUBLISHER

Cortex

PLATFORMS

Cortex XSOAR, Cortex XSIAM

INFO

Certification: Certified
Supported By: Cortex
Created: March 20, 2023
Last Release: May 2, 2023

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.