2024-01-19

In a revealing disclosure, Varonis' security researchers have detailed three password-stealing exploits affecting Microsoft products, one of which poses a significant risk to Microsoft Outlook users. This exploit, identified as CVE-2023-35636, allows the leakage of hashed passwords through malicious calendar invites, thereby enabling cyber attackers to gain unauthorized access to sensitive information.


Unveiling the Outlook Exploit

The Outlook vulnerability, which was reported to Microsoft in July 2023 and subsequently patched on December 12, operates in a particularly insidious manner. It requires a victim to click on a malicious calendar invite. This action prompts Outlook to attempt to authenticate to the attacker's machine in order to retrieve an iCalendar (.ics) file, inadvertently exposing the victim's hashed password.

Additional Vulnerabilities


Varonis' researchers have also discovered two other vulnerabilities affecting the Windows Performance Analyzer (WPA) and Windows File Explorer (WFE). Unlike the Outlook vulnerability, Microsoft did not deem these severe enough to warrant patches. The reasoning behind this decision is that these exploits require more user interaction and are considered an abuse of functionality rather than genuine vulnerabilities.

Mitigating the Attacks

Varonis recommends enforcing Kerberos authentication over NTLM v2 to mitigate such attacks. They also advise staying vigilant against phishing tactics and emphasize the importance of monitoring for unusual protocol communication. Keeping up with software updates is another key prevention measure to ward off exploitation.
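As an added example (not code from Varonis or from the article), the following Python shows the kind of "unusual protocol communication" check the mitigation advice points at: an Outlook process authenticating with NTLM to a host outside the trusted internal namespace. The key=value log format, the INTERNAL_SUFFIXES value and the sample lines are all constructed assumptions; Windows' own NTLM audit events carry equivalent fields.

```python
import ipaddress
import re
from dataclasses import dataclass

# Name suffixes trusted for NTLM (assumption; set to your own forest's suffixes).
INTERNAL_SUFFIXES = (".corp.example.local",)
# Client processes whose outbound NTLM to unknown hosts is the signal of interest.
WATCHED_PROCESSES = {"outlook.exe"}

@dataclass
class NtlmAudit:
    client_process: str
    target_server: str
    user: str

# Simplified, constructed audit records (one outbound NTLM attempt per line).
SAMPLE_LOG = """\
process=OUTLOOK.EXE target=fileserver01.corp.example.local user=alice
process=OUTLOOK.EXE target=203.0.113.7 user=alice
process=EXPLORER.EXE target=fileserver02.corp.example.local user=bob
process=OUTLOOK.EXE target=invite-host.attacker-example.net user=carol
"""

LINE_RE = re.compile(r"process=(\S+)\s+target=(\S+)\s+user=(\S+)")

def parse_audit(text: str) -> list[NtlmAudit]:
    """Parse the constructed key=value records into NtlmAudit objects."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(NtlmAudit(*m.groups()))
    return records

def is_external(target: str) -> bool:
    """True when the NTLM target is not a trusted internal host name."""
    try:
        ipaddress.ip_address(target)
        # A bare IP normally has no Kerberos service name, so NTLM fallback to
        # an IP is exactly the pattern to watch for.
        return True
    except ValueError:
        pass
    host = target.lower().rstrip(".")
    return not host.endswith(INTERNAL_SUFFIXES)

def find_suspicious(records: list[NtlmAudit]) -> list[NtlmAudit]:
    """Return watched-process NTLM attempts whose target is external."""
    return [r for r in records
            if r.client_process.lower() in WATCHED_PROCESSES and is_external(r.target_server)]

if __name__ == "__main__":
    for r in find_suspicious(parse_audit(SAMPLE_LOG)):
        print(f"ALERT: {r.client_process} sent NTLM to {r.target_server} as {r.user}")
```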