CVE-2023-23397 - Microsoft Outlook EoP v1.0.5
This pack handles Microsoft Outlook EoP CVE-2023-23397 vulnerability
- Author:
- Cortex XSOAR
- Support:
- xsoar
agentixxsiam
Case Management
Playbooks (1)
README
This pack is part of the Rapid Breach Response pack.
CVE-2023-23397 - Critical Elevation of Privilege vulnerability in Microsoft Outlook
Summary
Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for new technology LAN manager (NTLM) credential theft. Microsoft has released CVE-2023-23397 to address the critical elevation of privilege (EoP) vulnerability affecting Microsoft Outlook for Windows.
The playbook includes the following tasks:
Hunting:
- Microsoft PowerShell hunting script
- Advanced SIEM hunting queries
- Indicators hunting
Mitigations:
- Microsoft official CVE-2023-23397 patch
- Microsoft workarounds
- Detection Rules
- Yara
References:
Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
CVE-2023-23397 Audit & Eradication Script
Neo23x0 Yara Rules