CVE-2023-23397
Microsoft Office Outlook Privilege Escalation Vulnerability - [Actively Exploited]
Description
Microsoft Outlook Elevation of Privilege Vulnerability
INFO
Published Date: March 14, 2023, 5:15 p.m.
Last Modified: Oct. 22, 2025, 12:18 a.m.
Remotely Exploitable: Yes
Source: [email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.
Apply updates per vendor instructions.
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397
- https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/
- https://nvd.nist.gov/vuln/detail/CVE-2023-23397
Affected Products
The following products are affected by the CVE-2023-23397 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.
CVSS Scores
Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|---|
 | CVSS 3.1 | CRITICAL | | | | [email protected] |
 | CVSS 3.1 | CRITICAL | | | | [email protected] |
Solution
- Apply the latest security updates provided by Microsoft.
- Ensure automatic updates are enabled or manually update the software.
Public PoC/Exploit Available on GitHub
CVE-2023-23397 has 102 public PoCs/exploits available on GitHub.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-23397.
URL | Resource |
---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397 | Patch Vendor Advisory |
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397 |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-23397 is associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-23397 weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following news articles mention the CVE-2023-23397 vulnerability anywhere in the article.

- CybersecurityNews
  APT35 Hackers Attacking Government, Military Organizations to Steal Login Credentials
  In recent months, a surge in targeted intrusions attributed to the Iranian-aligned threat group APT35 has set off alarm bells across government and military networks worldwide. First detected in early ...

- CybersecurityNews
  Fancy Bear Hackers Attacking Governments, Military Entities With New Sophisticated Tools
  The notorious Russian cyberespionage group Fancy Bear, also known as APT28, has intensified its operations against governments and military entities worldwide using an arsenal of sophisticated new too ...

- Daily CyberSecurity
  APT28 Cyber Espionage Campaign Targets French Institutions Since 2021
  The French National Cybersecurity Agency (ANSSI) has released a detailed report exposing a sustained and strategic cyber-espionage campaign orchestrated by APT28, a group publicly attributed to the Ru ...

- Dark Reading
  Multiple Groups Exploit NTLM Flaw in Microsoft Windows
  Multiple attackers are actively exploiting a recently patched Windows vulnerability that exposes authentication credentials, despite Microsoft releasing a fix f ...

- The Register
  Malware variants that target operational tech systems are very rare – but 2 were found last year
  Two new malware variants specifically designed to disrupt critical industrial processes were set loose on operational technology networks last year, shutting off heat to more than 600 apartment buildi ...

- The Hacker News
  Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries
  A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe. "Th ...

- The Register
  Russia's Sandworm caught snarfing credentials, data from American and Brit orgs
  An initial-access subgroup of Russia's Sandworm last year wriggled its way into networks within the US, UK, Canada and Australia, stealing credentials and data from "a limited number of organizations, ...

- BleepingComputer
  BadPilot network hacking campaign fuels Russian SandWorm attacks
  A subgroup of the Russian state-sponsored hacking group APT44, also known as 'Seashell Blizzard' and 'Sandworm', has been targeting critical organizations and governments in a multi-year campaign dubb ...

- Dark Reading
  Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally
  Arguably, no advanced persistent threat (APT) enjoys as much notoriety as Sandworm, otherwise known as Military Unit 74455 within Russia's military intelligen ...

- Help Net Security
  Microsoft enforces defenses preventing NTLM relay attacks
  Since making Kerberos the default Windows authentication protocol in 2000, Microsoft has been working on eventually retiring NTLM, its less secure and obsolete counterpart. Until NTLM gets disabled by ...

- Dark Reading
  Microsoft NTLM Zero-Day to Remain Unpatched Until April
  Microsoft has released fresh guidance to organizations on how to mitigate NTLM relay attacks by default, days after researchers reported finding a NTLM hash disclosure ...

- Kaspersky
  Exploits and vulnerabilities in Q3 2024
  Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not standard for cyberattacks. This is because operating system developers have been releasing new security mit ...

- TheCyberThrone
  Top 15 Most Exploited Vulnerabilities in 2023
  In a joint cybersecurity advisory, the security agencies across the world have identified the most exploited vulnerabilities of 2023. This advisory, coauthored by the Cybersecurity and Infrastructure ...

- The Register
  Five Eyes infosec agencies list 2024's most exploited software flaws
  The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued their annual list of the 15 most exploited vulnerabilities, and warned that attacks on zero-day exploits have ...

- Cybersecurity News
  2023’s Most Exploited Vulnerabilities: A Global Cybersecurity Advisory
  In a joint cybersecurity advisory, the top cybersecurity agencies from the United States, Australia, Canada, New Zealand, and the United Kingdom have identified the most exploited vulnerabilities of 2 ...

- The Cyber Express
  Top 15 Exploited Cyber Vulnerabilities Revealed: Five Eyes Alliance Urges Immediate Patching
  The FBI, NSA, and allied agencies within the Five Eyes intelligence network have published a list of the 15 most exploited vulnerabilities from 2023. The cybersecurity advisory, a collaborative effort ...

- BleepingComputer
  FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023
  The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year. A joint advis ...

- security.nl
  US publishes overview of most exploited vulnerabilities in 2023
  The US authorities, together with cyber agencies from Australia, Canada, New Zealand and the United Kingdom, have compiled an overview of the most exploited vulnerabilities in 2023. ...

- Help Net Security
  Patching problems: The “return” of a Windows Themes spoofing vulnerability
  Despite two patching attempts, a security issue that may allow attackers to compromise Windows user’s NTLM (authentication) credentials via a malicious Windows themes file still affects Microsoft’s op ...

- Krypt3ia
  Comprehensive Threat Intelligence Report: The Rise of Nation-State Cyber Attacks and Their Convergence with Cybercrime
  TLP: WHITE This threat intelligence report was written in tandem between Krypt3ia and the ICEBREAKER Threat Intelligence Analyst created by Krypt3ia. Executive Summary Over the past year, nation-state ...
The following table lists the changes that have been made to the CVE-2023-23397 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
Date | Event | Action | Type | Old Value | New Value |
---|---|---|---|---|---|
Oct. 22, 2025 | CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Added | Reference | | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397 |
Oct. 21, 2025 | CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Removed | Reference | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397 | |
Oct. 21, 2025 | CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Added | Reference | | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397 |
Mar. 13, 2025 | Modified Analysis by [email protected] | | | | |
Nov. 21, 2024 | CVE Modified by af854a3a-2127-422b-91ae-364da2661108 | Added | Reference | | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397 |
Aug. 14, 2024 | Modified Analysis by [email protected] | Changed | CPE Configuration | OR *cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:* *cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* *cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:* *cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:* *cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:* *cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:* | OR *cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:* *cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* *cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:* *cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:-:*:*:* *cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:* *cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:* |
May. 29, 2024 | CVE Modified by [email protected] | Added | CWE | | Microsoft Corporation CWE-20 |
May. 28, 2024 | CVE Modified by [email protected] | | | | |
May. 14, 2024 | CVE Modified by [email protected] | | | | |
Mar. 20, 2023 | Initial Analysis by [email protected] | Added | CVSS V3.1 | | NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Mar. 20, 2023 | Initial Analysis by [email protected] | Changed | Reference Type | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397 No Types Assigned | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397 Patch, Vendor Advisory |
Mar. 20, 2023 | Initial Analysis by [email protected] | Added | CWE | | NIST CWE-294 |
Mar. 20, 2023 | Initial Analysis by [email protected] | Added | CPE Configuration | | OR *cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:* *cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* *cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:* *cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:* *cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:* *cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:* |
Vulnerability Scoring Details
Base CVSS Score: 9.8
Exploit Prediction
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
EPSS score: 93.76 (0.14%)
EPSS percentile: 0.99847