
In early May, Microsoft took action to address a significant security vulnerability affecting all versions of Windows. The tech giant has released a security update in response to the flaw, which was discovered in the Outlook email client. The vulnerability, identified as CVE-2023-29324, allowed threat actors to bypass previous patches designed to resolve an earlier Outlook bug that had been addressed in March of this year. It was initially reported by Ben Barnea, a security researcher from cybersecurity firm Akamai.


The original flaw, known as CVE-2023-23397, was disclosed by Microsoft back in March, and it enabled attackers to exploit Outlook for Windows by sending a malicious email. This allowed them to steal the NTLM password hash, which could then be used for unauthorized authentication and the initiation of NTLM relay attacks.

Microsoft also revealed that Russian hackers actively exploited CVE-2023-23397 between April and December 2022. Their targets included governmental, military, energy, and transportation organizations.

In response, Microsoft released a set of security patches on March 14 to rectify the vulnerability in Outlook 2016 and Outlook 2013. Additionally, the company provided IT administrators with a PowerShell script to assist in identifying and addressing suspicious items in both on-premises and cloud environments.

A researcher bypasses the fix

However, the fix designed to address the privilege escalation flaw in Outlook was subsequently bypassed. Ben Barnea, a security researcher at Akamai, discovered a related issue within an Internet Explorer component. This allowed him to circumvent the patch from March 2023 and make the Outlook for Windows client connect to a server controlled by the attacker.

What you need to do

Microsoft has urged its customers to promptly install the May 2023 Patch Tuesday updates for Windows Server 2012, Windows Server 2012 R2, Windows Server 2008, and Windows Server 2008 R2. Additionally, Outlook users are advised to install the latest cumulative updates for Internet Explorer 11, as this will help protect against potential cyberattacks stemming from the vulnerability.
