Advanced

Microsoft Outlook Elevation of Privilege Vulnerability: What You Should Know

This vulnerability represents a critical, zero-click credential-theft technique against Microsoft Outlook. By embedding a malicious UNC path in a calendar reminder's sound-notification pr...

This vulnerability affects Microsoft Outlook and enables an adversary to compromise a victim's credentials simply by delivering a specially crafted email — no interaction from the recipient is required. At a high level, the flaw allows an attacker to force a victim's Outlook client to authenticate to an attacker-controlled remote server, leaking the victim's Windows NTLM authentication material in the process.

This behavior corresponds to what is publicly tracked as CVE-2023-23397, an elevation-of-privilege vulnerability in Microsoft Outlook for Windows. The underlying defect resides in how Outlook processes an extended MAPI property (PidLidReminderFileParameter) that specifies the path to a sound file to be played when a calendar reminder fires. Outlook does not adequately validate that this path is a legitimate local resource, which allows it to be pointed at a remote, attacker-controlled location.

Sign in to read this course

A free account unlocks all 514 courses. 20 are readable without one.

What's inside

3 sections
  1. 1 Table of Contents
  2. 2 Module 1: The Microsoft Outlook Elevation of Privilege Vulnerability
  3. 3 Summary

More Vulnerability Briefings courses

View all 30

Interested in this course?

Contact us to book it or get a custom training plan for your team.