A recently addressed security flaw in Microsoft Outlook has been identified as a significant threat, potentially allowing threat actors to exploit it to gain access to NT LAN Manager (NTLM) v2 hashed passwords.
Tracked as CVE-2023-35636 with a CVSS score of 6.5, Microsoft swiftly addressed the issue as part of its Patch Tuesday updates in December 2023, according to The Hacker News. The MS Outlook vulnerability could be exploited in email attack scenarios where hackers could send a specially crafted file to users, persuading them to open it, as outlined in a Microsoft advisory released last month. Additionally, in web-based attack scenarios, threat actors could host a website containing a malicious file designed to exploit the vulnerability, requiring users to click on a link embedded in a phishing email or instant message.
The flaw, originating from the calendar-sharing function of Microsoft Outlook, involved the creation of a malicious email message with specific headers ("Content-Class" and "x-sharing-config-url") to expose a victim's NTLM hash during authentication.
(Photo : GERARD JULIEN/AFP via Getty Images)
Users Must Remain Vigilant
Discovered by Varonis security researcher Dolev Taler, the bug revealed that NTLM hashes could be leaked by utilizing the Windows Performance Analyzer (WPA) and Windows File Explorer. However, these attack methods remain unpatched, raising concerns about vulnerability when the NTLM v2 hash passes through the open web, making it vulnerable to relay and offline brute-force attacks.
Coinciding with this revelation is Check Point's disclosure of a "forced authentication" case, potentially utilized to leak a Windows user's NTLM tokens by tricking them into opening a rogue Microsoft Access file. As Microsoft progresses towards discontinuing NTLM in Windows 11 for enhanced security, these vulnerabilities underscore users' need to promptly implement patches and security measures to safeguard their systems and data.
In a previous report, Microsoft discovered a nation-state attack on January 12, 2024, which the Russian state-sponsored actor Midnight Blizzard (Nobelium) was in charge of. Initiated through a password spray attack in late November 2023, the compromise affected a non-production test tenant account, providing limited access to corporate email accounts, including senior leadership and cybersecurity personnel.
Microsoft's response, part of its Secure Future Initiative (SFI), emphasized responsible transparency and affirmed that the attack did not exploit vulnerabilities in its products or services. Notifications to affected employees are underway.
Experts: AI-Powered Cyberattacks to Increase
In separate news, the UK's National Cyber Security Centre (NCSC), a subsidiary of GCHQ, warned that artificial intelligence (AI) might provide amateur cybercriminals with advanced tools for convincing phishing assaults utilizing bogus emails.
The NCSC's recent evaluation shows that ChatGPT, a generative AI, can create authentic-looking material from basic cues. As AI advances, it becomes harder to spot phishing efforts, raising fears about amateur hackers launching ransomware assaults, per the World Economic Forum.
Rupal Hollenbeck, president of Check Point Software Technologies, advises firms to use AI to tackle fraudsters' shifting techniques. Hollenbeck stressed the necessity for enterprises to embrace AI-driven preventative measures as fraudsters become more proficient at using AI.
She noted in her piece published by Fortune that existing point products generate significant and preventable blind spots and impede interoperability. The expert suggested implementing a consolidated cybersecurity platform that uses AI to continuously improve proactive detection, remediation, and abnormal behavior within well-defined zero-trust policies to increase cyber resilience against various attacks.
Related Article: Cisco Talos Claims Ransomware Is 2024's Biggest Security Threat-Schools Now on Target List
