Major Vulnerability in Microsoft Outlook
Microsoft announced this week that a major vulnerability was discovered in Microsoft Outlook that allows an attacker to steal credentials without any user interaction. When an attacker sends a specially crafted message to a vulnerable user, Outlook processes the message and attempts to connect to a remote server on TCP port 445 with the user's NTLM credentials. The attacker can then use these credentials for privilege escalation or lateral movement. All versions of Outlook for Windows are affected. The mobile versions, Outlook for Mac and Outlook on the web are not impacted. Additionally, since the attack harvests NTLM credentials, only organizations using Active Directory Domain Services are vulnerable. Organizations using systems joined only to Azure Active Directory are not impacted.
