Merge pull request #2580 from splunk/errrrrr

minor
splunk · Mar 21, 2023 · 55ac860 · 55ac860
2 parents b22e7ce + bfa37e9
commit 55ac860
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/...7_pidlidreminder_privilege_escalation.yml → ..._23397_outlook_elevation_of_privilege.yml b/...7_pidlidreminder_privilege_escalation.yml → ..._23397_outlook_elevation_of_privilege.yml
@@ -4,9 +4,8 @@ version: 1
 date: '2023-03-15'
 author: Michael Haag, Splunk
 description: Microsoft has released CVE-2023-23397 to address the critical elevation of privilege (EoP) vulnerability affecting Microsoft Outlook for Windows. 
-narrative: Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for new technology LAN manager (NTLM) credential theft. Microsoft has released CVE-2023-23397 to address the critical elevation of privilege (EoP) vulnerability affecting Microsoft Outlook for Windows. We strongly recommend all customers update Microsoft Outlook for Windows to remain secure.
-  CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB (TCP 445) share on a threat actor-controlled server. No user interaction is required.
-
+narrative: Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for new technology LAN manager (NTLM) credential theft. Microsoft has released CVE-2023-23397 to address the critical elevation of privilege (EoP) vulnerability affecting Microsoft Outlook for Windows. We strongly recommend all customers update Microsoft Outlook for Windows to remain secure.\
+  CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB (TCP 445) share on a threat actor-controlled server. No user interaction is required.\
   The connection to the remote SMB server sends the user''s NTLM negotiation message, which the attacker can then relay for authentication against other systems that support NTLM authentication. Online services such as Microsoft 365 do not support NTLM authentication and are not vulnerable to being attacked by these messages. (2023, Microsoft)
 references:
   - https://twitter.com/ACEResponder/status/1636116096506818562?s=20