Cyber Resilience

CVE-2023-23397

Critical · CISA KEV · Active Exploitation · EUVD Exploited

Published: 14 March 2023
Modified: 27 October 2025
KEV Added: 14 March 2023
Patch: available
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9340 (99.8th percentile)
Risk Priority: 96 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-23397 is a critical-severity vulnerability in Microsoft Outlook, classed as Improper Input Validation (CWE-20), with a CVSS v3.1 base score of 9.8 (Critical).

Operationally, it ranks in the top 0.2% of all CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations identified in this analysis are the NIST SP 800-53 controls AC-3 (Access Enforcement) and SI-10 (Information Input Validation), alongside prompt application of Microsoft's security update.

Deeper analysis

Microsoft Outlook contains an elevation of privilege vulnerability tracked as CVE-2023-23397. The flaw carries a CVSS v3.1 base score of 9.8 and is mapped to CWE-20 (Improper Input Validation) and CWE-294 (Authentication Bypass by Capture-replay). It affects the Outlook for Windows client and can be exploited over the network by an unauthenticated attacker with no user interaction.

An attacker sends a specially crafted message (a calendar or task item) whose extended MAPI property PidLidReminderFileParameter points to a UNC path on an attacker-controlled server. The vulnerability triggers automatically when the Outlook client processes the message and the reminder fires, without the user opening or previewing the item: Outlook connects to the remote path and authenticates with the victim's Net-NTLMv2 credentials. The captured hash can be relayed against other services or cracked offline, giving the attacker the victim's privileges, which is why the CVSS rating scores complete loss of confidentiality, integrity, and availability.
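As an added example (not code from this page and not Microsoft's own mailbox-scanning script), the following Python classifies the value of the PidLidReminderFileParameter property as local or remote, which is the check a mailbox sweep for this CVE comes down to. The property name is the one the vulnerability concerns; the sample items, hostnames, and the `flag_suspicious_items` helper are constructed for illustration. It goes beyond the single UNC case by also handling the long-path `\\?\UNC\` form, forward-slash paths, `file://` URLs, and loopback hosts, which a naive search for a leading pair of backslashes would miss or over-flag.

```python
"""Added example for this page (not Microsoft's mailbox-scanning script and
not code from the page): classify the value of the PidLidReminderFileParameter
MAPI property on a calendar or task item as local or remote. A remote value is
the CVE-2023-23397 indicator, because Outlook authenticates to that path when
the reminder fires. The sample items at the bottom are constructed."""
import ipaddress
import re
from typing import Optional
from urllib.parse import unquote, urlparse

# Host components that can only name the local machine. "." and "?" cover the
# Win32 device and long-path namespaces (\\.\ and \\?\), which never leave the host.
_LOCAL_HOSTS = {"", ".", "?", "localhost"}

# \\?\UNC\host\share and \\.\UNC\host\share are long-path spellings of \\host\share.
_LONG_UNC = re.compile(r"^\\\\[?.]\\unc\\", re.IGNORECASE)


def _is_local_host(host: str) -> bool:
    host = host.strip().strip("[]").lower()
    if host in _LOCAL_HOSTS:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS or NetBIOS name: the scanner cannot prove it is local


def extract_remote_host(value: str) -> Optional[str]:
    r"""Return the remote host a reminder-file path points at, or None when the
    path is local. Handles UNC (\\host\share), forward-slash UNC (//host/share),
    the long-path form \\?\UNC\host\share, and file:// URLs."""
    v = unquote(value.strip())

    # file://host/share/x.wav names a host; file:///C:/x.wav has none (local).
    if v.lower().startswith("file:"):
        host = urlparse(v).hostname or ""
        return None if _is_local_host(host) else host

    m = _LONG_UNC.match(v)
    if m:
        v = "\\\\" + v[m.end():]

    # Normalise forward slashes so //host/share is not missed.
    v = v.replace("/", "\\")
    if not v.startswith("\\\\"):
        return None  # drive-letter or relative path: stays on this machine
    host = v[2:].split("\\", 1)[0]
    return None if _is_local_host(host) else host


def flag_suspicious_items(items):
    """items: iterable of dicts with 'subject' and 'reminder_file_parameter'
    (a stand-in for properties read from a mailbox). Returns (subject, host)
    for every item whose reminder path points at a remote host."""
    hits = []
    for item in items:
        host = extract_remote_host(item.get("reminder_file_parameter") or "")
        if host is not None:
            hits.append((item["subject"], host))
    return hits


# Constructed sample items; hostnames and IPs are documentation values.
SAMPLE_ITEMS = [
    {"subject": "Team sync", "reminder_file_parameter": r"C:\Windows\Media\chime.wav"},
    {"subject": "Quarterly review", "reminder_file_parameter": r"\\203.0.113.5\share\alert.wav"},
    {"subject": "Renewal", "reminder_file_parameter": r"\\?\UNC\files.example.net\s\a.wav"},
    {"subject": "Standup", "reminder_file_parameter": "//files.example.net/s/a.wav"},
    {"subject": "Lunch", "reminder_file_parameter": r"\\127.0.0.1\share\a.wav"},
    {"subject": "No custom sound", "reminder_file_parameter": None},
]

if __name__ == "__main__":
    for subject, host in flag_suspicious_items(SAMPLE_ITEMS):
        print(f"SUSPICIOUS: {subject!r} -> {host}")
```

Reading the property from a live mailbox needs an EWS or MAPI query, which is outside this example; feed the values such a query returns into `flag_suspicious_items`. A loopback or `\\?\C:\` value is deliberately not flagged, while any DNS or NetBIOS name is, because the scanner cannot know which names resolve inside the perimeter and a relay target may well be internal.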

Microsoft has issued remediation guidance through its Security Response Center, directing administrators to apply the available security updates; the same advisory recommends, where patching is delayed, adding users to the Protected Users security group (which prevents NTLM authentication) and blocking outbound TCP 445/SMB so that the credential leak cannot reach an external server. The vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, confirming exploitation observed in the wild.

The EPSS score remains high: it peaked at 0.9575 and currently stands at 0.9340.

EU & UK References

Vulnerability details

Microsoft Outlook Elevation of Privilege Vulnerability

CWE(s): CWE-20 (Improper Input Validation), CWE-294 (Authentication Bypass by Capture-replay)
KEV Date Added: 14 March 2023

Related Threats

Threat-Actor Attribution (AI-generated)

APT28 (G0007), aka Fancy Bear
Microsoft and Proofpoint attributed exploitation of CVE-2023-23397 to the Russian state-sponsored group TA422/APT28 in targeted phishing campaigns (MSRC, March 2023; Proofpoint reports).

Affected Assets

- Microsoft 365 Apps (all versions)
- Microsoft Office 2019
- Microsoft Office Long Term Servicing Channel 2021
- Microsoft Outlook 2013, 2016

Mitigating Controls (NIST 800-53 r5, AI-generated)

prevent: SI-10 (Information Input Validation)
Requires validation of input processed by Outlook, addressing the improper input validation (CWE-20) that lets an unauthenticated message trigger the flaw; in practice this control is satisfied by the vendor security update rather than by local configuration.

prevent: AC-3 (Access Enforcement)
Enforces access-control decisions so that an unauthenticated remote attacker cannot obtain elevated privileges on the Outlook client; restricting NTLM (for example via the Protected Users group) and outbound SMB limits what a leaked credential can be used for.

prevent
Requires timely remediation of the known exploited Outlook flaw, eliminating the authentication-bypass vector (CWE-294) before exploitation.

References