Microsoft has fixed an issue that triggers erroneous Outlook security alerts when opening. ICS calendar files after installing the December 2023 Outlook Desktop security updates.
The December Patch Tuesday security updates behind these inaccurate warnings patch the CVE-2023–35636 Microsoft Outlook information disclosure vulnerability, which attackers can exploit to steal NTLM hashes via maliciously crafted files.
These credentials are used to authenticate as the compromised Windows user in pass-the-hash attacks, to gain access to sensitive data or spread laterally on their network.
Leave a reply