Microsoft Outlook Elevation of Privilege Vulnerability
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicrosoft 365 Apps
APPMicrosoftwszystkie wersjeMicrosoft Office
APPMicrosoft2019Microsoft Office Long Term Servicing Channel
APPMicrosoft2021Microsoft Outlook
APPMicrosoft20132016
CISA KEV — detailsi
- Vendori
- Microsoft ↗
- Producti
- Office
- Added to KEVi
- March 14, 2023
- Remediation deadline (US Federal)i
- April 4, 2023(overdue)
Required action (CISA)i
Apply updates per vendor instructions.
CISA descriptioni
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.
🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
⏰CISA DEADLINE: 4 kwietnia 2023
Related vulnerabilities
CVE-2024-21413CRITICAL9.8⚠ KEVPL ✓ten sam produkt
RCE w Microsoft Outlook — podatność MonikerLink (CVE-2024-21413)
CVE-2025-60724CRITICAL9.8PL ✓ten sam produkt
Heap buffer overflow w Microsoft Graphics Component — zdalne wykonanie kodu
CVE-2025-53766CRITICAL9.8PL ✓ten sam produkt
Przepełnienie bufora sterty w Windows GDI+ umożliwia zdalne wykonanie kodu
CVE-2023-33150CRITICAL9.6ten sam produkt
Microsoft Office Security Feature Bypass Vulnerability
CVE-2023-21716CRITICAL9.8ten sam produkt
Microsoft Word Remote Code Execution Vulnerability