Outlook Information Disclosure Vulnerability

Summary

The Outlook Information Disclosure Vulnerability (CVE-2023-35636) affects Microsoft Outlook and can be exploited by convincing a victim to open a specially crafted file delivered via email or hosted on a malicious website. Exploitation of this vulnerability can lead to the disclosure of NTLM hashes, which could be leveraged as part of an NTLM relay or “pass the hash” attack. This could allow an attacker to masquerade as a legitimate user without having to log in. The nature of the vulnerability, its potential impact, and known exploits in the wild, particularly by ransomware groups, make it critical for organizations to apply the patch promptly to mitigate the risk.

News Articles

Help Net Security

CVE-2023-35636

Attackers can steal NTLM password hashes via calendar invites - Help Net Security

A Microsoft Outlook flaw may allow attackers to steal users' NTLM v2 hashes by adding two headers to an email carrying a calendar invite.

8 months ago

SecurityWeek

CVE-2023-23397CVE-2023-35636

New NTLM Hash Leak Attacks Target Outlook, Windows Programs

Data security firm Varonis has disclosed a new vulnerability and three attack methods for obtaining NTLM v2 hashes by targeting Microsoft Outlook and two Windows programs.  The new vulnerability is tracked as...

8 months ago

GBHackers on Security

CVE-2023-35636

New Outlook Flaw Let Attackers Access Hashed Passwords

A new Outlook vulnerability that can be used to extract NTLMv2 hashes by exploiting Outlook, Windows Performance Analyzer (WPA), and Windows File Explorer has been identified.

8 months ago

More News...