7 matches found
Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords
A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager NTLM v2 hashed passwords when opening a specially crafted file. The issue, tracked as CVE-2023-35636 CVSS score: 6.5, was addressed by the tech giant as part of its Patch Tuesday updates...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to impersonate another user or gain access to sensitive data, potentially including full access to the local file system. Successful exploitation requires the malicious party to tri...
Microsoft releases lightest Patch Tuesday in three years, no zero-days disclosed
Microsofts monthly security update released Tuesday is the companys lightest in four years, including only 33 vulnerabilities. Perhaps more notable is that there are no zero-day vulnerabilities included in Decembers Patch Tuesday, a rarity for Microsoft this year. The companys regular set of...
CVE-2023-35636
Microsoft Outlook Information Disclosure Vulnerability...
CVE-2023-35636 Microsoft Outlook Information Disclosure Vulnerability
...
CVE-2023-35636
CVE-2023-35636 is an information-disclosure vulnerability in Microsoft Outlook. The issue involves the calendar sharing feature where sending a crafted email with two headers could cause Outlook to disclose data, including NTLMv2 password hashes, to an attacker-controlled responder. Public detail...
Security Updates for Outlook (December 2023)
The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by an information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. Note that Nessus has not tested for this issue but has...