hippy Posted March 15 Share Posted March 15 https://www.techtarget.com/searchwindowsserver/news/365532560/Microsoft-stops-two-zero-days-for-March-Patch-Tuesday The second zero-day is a Microsoft Outlook elevation-of-privilege vulnerability (CVE-2023-23397) rated critical with a CVSS rating of 9.8. This flaw affects several Outlook versions, including Microsoft 365 Apps for Enterprise systems, and does not rely on the Outlook preview pane as an attack vector. "The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the email server," Microsoft wrote in its CVE notes. Link to comment Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!Register a new account
Already have an account? Sign in here.Sign In Now