Outlook zero-day exploited by Russian APT addressed

Microsoft has addressed a critical zero-day security flaw in Outlook that has been leveraged by Russian state-sponsored hacking operation APT28, also known as Fancy Bear, STRONTIUM, Sofacy, and Sednit, in its attacks against European organizations, reports BleepingComputer. Fewer than 15 government, energy, transportation, and military entities across Europe had their networks breached from April to December through the vulnerability, tracked as CVE-2023-23397, to enable credential theft and email exfiltration, according to Microsoft. "The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane. The connection to the remote SMB server sends the user's NTLM negotiation message, which the attacker can then relay for authentication against other systems that support NTLM authentication," said Microsoft. While immediate patching is urged to remediate the flaw, Microsoft has also provided a mitigation and targeting detection script to avert attacks.