CVE-2023-23397
Published: 14 March 2023
Summary
CVE-2023-23397 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Microsoft Outlook. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
Microsoft Outlook contains an elevation of privilege vulnerability identified as CVE-2023-23397. The flaw carries a CVSS v3.1 score of 9.8 and is associated with CWE-20 (Improper Input Validation) and CWE-294 (authentication bypass). It affects the Outlook email client and permits unauthenticated, network-based attacks that require no user interaction.
An attacker can send a specially crafted message that triggers the vulnerability, allowing full elevation of privileges on the target system and resulting in complete loss of confidentiality, integrity, and availability.
Microsoft has issued remediation guidance through its Security Response Center, directing administrators to apply the available security updates. The vulnerability is listed in CISA’s catalog of known exploited vulnerabilities, confirming observed exploitation activity.
The associated EPSS score remains at a high level, with a recorded peak of 0.9575 and a current value of 0.9340.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-27497
Vulnerability details
Microsoft Outlook Elevation of Privilege Vulnerability
- CWE(s): CWE-20, CWE-294
- KEV Date Added: 14 March 2023
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation of input to Outlook, blocking the improper input validation that enables unauthenticated privilege escalation.
- AC-3 (Access Enforcement): enforces access-control decisions so that an unauthenticated remote attacker cannot obtain elevated privileges on the Outlook client.
- Flaw remediation: requires timely remediation of the known exploited Outlook flaw, eliminating the authentication-bypass vector before exploitation.