CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2023-23397

CVSS 9.8v3.1pub. 2023-03-14upd. 2025-10-27

Microsoft Outlook Elevation of Privilege Vulnerability

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microsoft 365 Apps

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Office

    APP
    Microsoft
    2019
  • Microsoft Office Long Term Servicing Channel

    APP
    Microsoft
    2021
  • Microsoft Outlook

    APP
    Microsoft
    20132016

CISA KEV — detailsi

Vendori
Microsoft
Producti
Office
Added to KEVi
March 14, 2023
Remediation deadline (US Federal)i
April 4, 2023(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 4 kwietnia 2023
CWE
References

Related vulnerabilities

CVE-2024-21413CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE w Microsoft Outlook — podatność MonikerLink (CVE-2024-21413)

CVE-2025-60724CRITICAL9.8PL ✓ten sam produkt

Heap buffer overflow w Microsoft Graphics Component — zdalne wykonanie kodu

CVE-2025-53766CRITICAL9.8PL ✓ten sam produkt

Przepełnienie bufora sterty w Windows GDI+ umożliwia zdalne wykonanie kodu

CVE-2023-33150CRITICAL9.6ten sam produkt

Microsoft Office Security Feature Bypass Vulnerability

CVE-2023-21716CRITICAL9.8ten sam produkt

Microsoft Word Remote Code Execution Vulnerability