IT Professionals:
On March 14, 2023, Microsoft disclosed a vulnerability (CVE-2023-23397) that allows malicious actors to send specially-crafted emails that will allow them to steal credentials – specifically the NTLM hash of the victim. The NTLM hash can be used to authenticate as the victim to other IU services. This vulnerability requires no user interaction and will execute upon receipt in Outlook WITHOUT being opened or viewed in the preview pane.
The University Information Security Office (UISO) strongly recommends patching if you work with Outlook on any Windows device. NTLM is still available to the underlying Windows operating system and thus systems are still vulnerable to this exploit until the client is fully patched. The patch can be applied via Windows Update or finding your appropriate version of Windows on the update guide.
Endpoint Management Services (EMS) has made this update available for centrally managed devices. The update has been deployed and should be showing as required install on all UDM devices. Installation timing is configured according to the individual UDM tenant. Tenants can manually deploy the office updates in the same fashion as a Windows Servicing Feature Update is deployed.
For more information about this vulnerability, please review the Microsoft Blog and Microsoft Team Blog. Further questions or concerns can be directed to the UISO at uiso@iu.edu.
–IT Community Partnerships on behalf of University Information Security Office