Security Update: Quick Look at Microsoft Outlook’s CVE-2023-35636 Vulnerability

CVE-2023-35636 is a security vulnerability in Microsoft Outlook. It specifically involves the calendar sharing function.

Impact

The vulnerability leads to information disclosure. Exploiting it could allow the disclosure of NTLM hashes, which are used for authentication in Microsoft Windows systems.

Exploitability

The exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website containing a specially crafted file designed to exploit the vulnerability.

Severity

The severity of this vulnerability is rated as medium with a CVSS base score of 6.5.

Affected Software

The vulnerability affects the following software configurations:

  • Microsoft 365 Apps
  • Microsoft Office 2016
  • Microsoft Office 2019
  • Microsoft Office Long Term Servicing Channel 2021

Mitigation

Microsoft has released a patch to address this vulnerability. Users are advised to apply it to mitigate the associated risk.

