CVE-2023-23397 - Microsoft Outlook EoP v1.0.5

This pack handles Microsoft Outlook EoP CVE-2023-23397 vulnerability

Author:
Cortex XSOAR
Support:
xsoar
URL:
https://www.paloaltonetworks.com/cortex
agentixxsiam
Case Management

README

This pack is part of the Rapid Breach Response pack.

CVE-2023-23397 - Critical Elevation of Privilege vulnerability in Microsoft Outlook

Summary

Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for new technology LAN manager (NTLM) credential theft. Microsoft has released CVE-2023-23397 to address the critical elevation of privilege (EoP) vulnerability affecting Microsoft Outlook for Windows.

The playbook includes the following tasks:

Hunting:

  • Microsoft PowerShell hunting script
  • Advanced SIEM hunting queries
  • Indicators hunting

Mitigations:

  • Microsoft official CVE-2023-23397 patch
  • Microsoft workarounds
  • Detection Rules
    • Yara

References:

Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
CVE-2023-23397 Audit & Eradication Script
Neo23x0 Yara Rules