Related article: Why should you care about CVE-2023-23397? and should be updated as soon as possible
This major security vulnerability poses a serious threat to Outlook users on all Windows versions. Once the client receives a specially crafted malicious email disguised as a calendar event notification, the vulnerability can be triggered on the personal computer without the user reading or opening the message. The computer then automatically sends its stored SMB server authentication information, which is equivalent to unconditionally handing the hacker important authentication information such as that used for the company’s “Network Neighborhood” file sharing or internal Microsoft AD. The attacker can not only impersonate the victim to complete authentication and gain access, but can even steal data or install malicious software. Although an administrator can block TCP port 445, that is, external connections to SMB servers, to prevent the authentication information from being sent automatically to a malicious host, doing so also affects normal use of services such as Network Neighborhood. Another workaround is to change the calendar in Outlook to “do not display reminders” to avoid triggering the vulnerability, but this may affect everyone’s daily calendar use and make office workflows less convenient.
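The port 445 trade-off above, as an added example (not from the article or from Openfind): instead of treating all SMB traffic alike, this check over connection logs separates internal file-sharing traffic from SMB connections that leave the network, which is where the leaked authentication information would be sent. The log format, addresses and internal ranges are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample connection log (not from the article):
# timestamp, source IP, destination IP, destination port, protocol
SAMPLE_LOG = """\
2023-03-20T09:01:12Z 10.1.4.23 10.1.0.5 445 tcp
2023-03-20T09:01:15Z 10.1.4.23 203.0.113.77 445 tcp
2023-03-20T09:02:40Z 10.1.7.80 198.51.100.9 443 tcp
2023-03-20T09:03:02Z 10.1.7.80 203.0.113.77 445 tcp
2023-03-20T09:03:05Z 10.1.7.80 203.0.113.77 445 tcp
malformed line
2023-03-20T09:04:00Z 10.1.9.2 192.168.10.4 445 udp
"""

# Assumption: these ranges are the organisation's internal networks.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr):
    """True if the address falls inside one of the internal ranges."""
    return any(addr in net for net in INTERNAL_NETS)


def find_external_smb(log_text, smb_port=445):
    """Return {source_ip: {dest_ip: count}} for internal hosts that opened
    TCP connections on the SMB port to addresses outside the internal ranges."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        _ts, src, dst, port, proto = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port_no = int(port)
        except ValueError:
            continue  # skip lines with unparsable addresses or ports
        if proto.lower() != "tcp" or port_no != smb_port:
            continue
        # Internal-to-internal SMB is normal file sharing; only flag egress.
        if is_internal(src_ip) and not is_internal(dst_ip):
            hits[src][dst] += 1
    return {s: dict(d) for s, d in hits.items()}


if __name__ == "__main__":
    for src, dests in find_external_smb(SAMPLE_LOG).items():
        print(src, dests)
```

Hosts reported here are candidates for review and patching; internal-to-internal SMB traffic is left out, so normal file sharing does not appear in the result.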
Openfind has recently received many inquiries from customers about this information security incident. The issue is rooted in a vulnerability in Microsoft’s email software; Openfind, as a provider of email hosts and related information security services, assists by blocking such emails during delivery, and the importance of this processing cannot be overstated. Zhang Jiayuan, Chief Security Officer of Netstation, said: “At present, Netstation continues to serve many important government agencies and large enterprise customers. Since the attack on the zero-day vulnerability of Outlook is through sending malicious emails, Netsx is duty-bound. For the first time, the Openfind Email Threat Lab has started to develop ways to block these attacks, helping all customers reduce the associated risk immediately.”
At present, Openfind software products such as Mail2000 and MailGates, services such as OSecure or MailCloud, and the government cloud email service (EaaS) can all provide protection against the Outlook CVE-2023-23397 security vulnerability by blocking problem emails and removing malicious content, completely avoiding the follow-up harm caused by identity theft after an Outlook user receives such an email.
Because they have so many system users, large enterprises and organizations are often unable to complete the fix for all internal personnel right after original vendors such as Microsoft release program updates. Especially once a vulnerability is publicly disclosed, enterprises bear the brunt and immediately face huge information security risks. Therefore, if all kinds of zero-day attacks can be blocked directly in the process by a party such as Openfind, with “joint defense” across different channels used to deal with emergency information security incidents, this not only holds the first line of defense for all customers, but also brings local strengths together to protect the information security of the public.