Avanan customers are protected against a new vulnerability, CVE-2023-23397.
This vulnerability, which made headlines last week, is blocked by our SmartPhish product and all customers are protected.
The attack works like this:
Hackers can send end users malicious messages designed to steal NTLM authentication hashes. The message can be an email, a task or a calendar invite. It carries a reminder attribute, which instructs Outlook on how to alert the user about the upcoming event. This attribute has the option to use a custom audio file, and the downloading of this file can expose the user's NTLM hashes. As soon as the victim receives the message, the vulnerability is triggered and the NTLM hashes are returned to the sender.
This process happens as soon as Outlook processes the email. No action by the end user is required.
As soon as the email shows as delivered in Outlook, it’s game over. Your user’s credentials have been harvested.
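For defenders reviewing mailbox items, the custom audio file is referenced by a path, and a UNC path naming a remote server is what makes Outlook authenticate outward when it fetches the sound. The following check is an added example, not Avanan's or Microsoft's code. It assumes the reminder sound paths have already been exported from messages, tasks and invites, and the item ids, hostnames, suffix list and network ranges are constructed placeholders.

```python
import ipaddress
import re

# Matches \\host\share and the \\?\UNC\host\share long form (either slash style).
UNC_RE = re.compile(r"^(?:\\\\|//)(?:[?.][\\/]UNC[\\/])?([^\\/]+)[\\/]", re.I)

def unc_host(path):
    """Return the server named in a UNC path, or None for local/relative paths."""
    m = UNC_RE.match(path.strip())
    if not m or m.group(1) in ("?", "."):  # \\?\C:\... is a local device path
        return None
    # Strip WebDAV-style suffixes such as host@SSL@443 or host@8080.
    return m.group(1).split("@", 1)[0].lower()

def classify_reminder_sound(path, internal_suffixes=(), internal_nets=()):
    """Classify a reminder sound path: 'local', 'internal-unc' or 'external-unc'."""
    host = unc_host(path)
    if host is None:
        return "local"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Assumption: single-label names and listed DNS suffixes are internal.
        internal = "." not in host or any(
            host == s or host.endswith("." + s) for s in internal_suffixes)
        return "internal-unc" if internal else "external-unc"
    in_net = any(ip in ipaddress.ip_network(n) for n in internal_nets)
    return "internal-unc" if in_net else "external-unc"

def flag_items(items, internal_suffixes, internal_nets):
    """Return ids of items whose reminder sound points at an external server."""
    return [item_id for item_id, path in items
            if classify_reminder_sound(path, internal_suffixes, internal_nets)
            == "external-unc"]

# Constructed sample (item id, reminder sound path); not real mailbox data.
SAMPLE_ITEMS = [
    ("msg-1", "reminder.wav"),
    ("msg-2", r"C:\Windows\Media\Alarm01.wav"),
    ("msg-3", r"\\fileserver\sounds\ding.wav"),
    ("msg-4", r"\\media.corp.example\sounds\ding.wav"),
    ("msg-5", r"\\203.0.113.10\share\a.wav"),
    ("msg-6", r"\\files.example.net@SSL@443\share\a.wav"),
    ("msg-7", r"\\10.1.2.3\share\a.wav"),
]
```

Items flagged as `external-unc` are the ones to quarantine and investigate; any UNC value in a reminder sound is unusual enough to review even when it resolves internally.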
This attack is specifically designed to bypass Microsoft and Microsoft alone. It underscores the critical importance of a two-layer approach: since the attack bypasses Microsoft, having another service behind it is critical. This is not meant to criticize Microsoft. It is the most popular, and therefore the most attacked, platform in the world, and hackers will spend their days (and nights) figuring out how to bypass it. That is why we recommend that customers add a security layer from another vendor, which keeps the organization safer.