Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers
The Hacker News – Ravie Lakshmanan
Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager (NTLM) hashes and stage a relay attack without requiring any user interaction.

The vulnerability was resolved by Microsoft as part of its Patch Tuesday updates for March 2023, but not before Russia-based threat actors weaponized the flaw in attacks targeting government, transportation, energy, and military sectors in Europe.

Microsoft’s incident response team said it found evidence of potential exploitation of the shortcoming as early as April 2022.
Link: https://thehackernews.com/2023/03/microsoft-warns-of-stealthy-outlook.html