A hack that requires zero interaction with the exploit has been found.
It’s common to hear about hacking threats that requires users to click links in emails, but what if it were possible for attackers to send emails that contain an exploit that is triggered by simply receiving the email?
That time is now.
No user interaction is required for this exploit to deliver its payload. No need to click the email. No need to even preview the email in the Reading Pane.
As soon as the email reaches your inbox, it’s too late.
This critical Outlook vulnerability is rated at a 9.8 out of a maximum of 10.
What is currently known about this.
Mandiant, the threat intelligence company owned by Google, believes that the CVE-2023-23397 Microsoft Outlook zero-day vulnerability has been actively exploited since April of 2022.
This exploit has been used to target both organizations and critical infrastructure and has been publicly attributed to the Russian military intelligence-connected threat actor, APT28.
The vulnerability has been exploited in order to gain information on government, defense, logistics, transportation, and energy targets in Poland, Romania, Turkey, and Ukraine.
Given that this is a no-user-interaction exploit, there is a large potential for harm and no guarantee that attacks will remain focused abroad.
Mandiant has stated that it anticipates broad and rapid adoption of this exploit by multiple nation-states and financially motivated bad actors.
It’s important to act now to protect your business.
More information should be available soon, but at this time, the best defense against this malicious attack is to run the Microsoft update on all systems.
For all of your network and computer security needs, give us a call toll-free. RHYNO Networks (855) 749-6648.
