Microsoft has released a patch (CVE-2023-35636) to address a security flaw in Outlook that allowed threat actors to exploit a specially crafted file and gain access to NT LAN Manager (NTLM) v2 hashed passwords. This vulnerability could be exploited through email or web-based attacks [2] [3] [4].

Description

The flaw was found in the calendar-sharing function of Outlook [2] [3] [4] [5], where a malicious email message could expose a victim’s NTLM hash during authentication [2] [3] [4]. Microsoft has addressed this issue with a patch. However, two additional unpatched vulnerabilities using Windows Performance Analyzer and Windows File Explorer have been discovered.

Conclusion

In an effort to enhance security, Microsoft plans to discontinue the use of NTLM in Windows 11 and instead use Kerberos. This highlights the ongoing threat of attackers stealing NTLM hashes [1]. It is crucial for users to apply the patch and remain vigilant against potential email or web-based attacks.

References

[1] https://webstudioflorida.com/protecting-against-attackers-stealing-ntlm-hashes/
[2] https://blog.ehcgroup.io/2024/01/29/09/42/08/16562/investigadores-descubren-como-la-vulnerabilidad-de-outlook-podria-filtrar-sus-contrasenas-ntlm/noticias-de-seguridad/ehacking/
[3] https://flyytech.com/2024/01/29/researchers-uncover-how-outlook-vulnerability-could-leak-your-ntlm-passwords/
[4] https://thehackernews.com/2024/01/researchers-uncover-outlook.html
[5] https://datagene.ai/researchers-uncover-how-outlook-vulnerability-could-leak-your-ntlm-passwords/