Description
Microsoft Outlook Elevation of Privilege Vulnerability
Mitigations
The following mitigating factors may be helpful in your situation:
- Add users to the Protected Users Security Group, which prevents the use of NTLM as an authentication mechanism. Performing this mitigation makes troubleshooting easier than other methods of disabling NTLM. Consider using it for high value accounts such as Domain Admins when possible. Please note: This may cause impact to applications that require NTLM, however the settings will revert once the user is removed from the Protected Users Group. Please see Protected Users Security Group for more information.
- Block TCP 445/SMB outbound from your network by using a perimeter firewall, a local firewall, and via your VPN settings. This will prevent the sending of NTLM authentication messages to remote file shares.
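The two mitigations above as a PowerShell script, which is an added example and not code from Microsoft or from this advisory. Assumptions: the RSAT ActiveDirectory module is available, the rule name is a hypothetical one chosen here, and the local rule is scoped to the Public firewall profile so that internal file shares on domain networks keep working while the perimeter firewall and VPN settings cover the rest.

```powershell
#Requires -Modules ActiveDirectory
# Added example: audit and apply the two mitigations from this advisory.
# Run with -WhatIf first to see what would change without changing it.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: Domain Admins is the high-value group to protect.
    [string]$HighValueGroup = 'Domain Admins',
    # Hypothetical display name for the local firewall rule.
    [string]$RuleName = 'Block outbound SMB (TCP 445)'
)

# 1. Protected Users: find high-value user accounts that are not yet members.
$protectedSids = @(Get-ADGroupMember -Identity 'Protected Users' |
    ForEach-Object { $_.SID.Value })

$missing = @(Get-ADGroupMember -Identity $HighValueGroup -Recursive |
    Where-Object { $_.objectClass -eq 'user' -and
                   $_.SID.Value -notin $protectedSids })

foreach ($user in $missing) {
    # Membership blocks NTLM for the account; applications that need NTLM
    # will fail for it until the account is removed from the group again.
    if ($PSCmdlet.ShouldProcess($user.SamAccountName, 'Add to Protected Users')) {
        Add-ADGroupMember -Identity 'Protected Users' -Members $user
    }
}

# 2. Local firewall: block outbound TCP 445 unless the rule already exists.
$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $existing) {
    $rule = @{
        DisplayName = $RuleName
        Direction   = 'Outbound'
        Protocol    = 'TCP'
        RemotePort  = 445
        Profile     = 'Public'   # assumption: untrusted networks only
        Action      = 'Block'
    }
    if ($PSCmdlet.ShouldProcess($RuleName, 'Create outbound block rule')) {
        New-NetFirewallRule @rule | Out-Null
    }
}

# Report the accounts that were outside the group when the script started.
$missing | Select-Object SamAccountName, distinguishedName
```

The firewall step needs an elevated session on the endpoint; the group step needs rights to modify Protected Users in the domain.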
FAQ
According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.
Is the Preview Pane an attack vector for this vulnerability?
The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.
How could an attacker exploit this vulnerability?
External attackers could send specially crafted emails that cause a connection from the victim to an untrusted location under the attackers' control. This leaks the victim's Net-NTLMv2 hash to the untrusted network, and the attacker can then relay it to another service and authenticate as the victim.
Where can I find more information about NTLM relay attacks?
Download Mitigating Pass the Hash (PtH) Attacks and Other Credential Theft, Version 1 and 2. This document discusses Pass-the-Hash (PtH) attacks against the Windows operating systems and provides holistic planning strategies that, when combined with the Windows security features, will provide a more effective defense against pass-the-hash attacks.
Where can I find more information?
Please see the MSRC Blog Post relating to this vulnerability here: Microsoft Mitigates Outlook Elevation of Privilege Vulnerability.
Updates
| Product | Article | Update |
|---|---|---|
| Microsoft Outlook 2013 RT Service Pack 1 | - | |
| Microsoft Outlook 2016 (32-bit edition) | | |
| Microsoft Outlook 2016 (64-bit edition) | | |
| Microsoft Outlook 2013 Service Pack 1 (32-bit editions) | | |
| Microsoft Outlook 2013 Service Pack 1 (64-bit editions) | | |
| Microsoft Office 2019 for 32-bit editions | - | |
| Microsoft Office 2019 for 64-bit editions | - | |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | - | |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | - | |
| Microsoft Office LTSC 2021 for 64-bit editions | - | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
CVSS3: 9.8 Critical
Related vulnerabilities
Microsoft Outlook Elevation of Privilege Vulnerability
Information disclosure vulnerability in the Microsoft Outlook mail client that allows an attacker to elevate their privileges
Microsoft Exchange Server Elevation of Privilege Vulnerability
Windows MSHTML Platform Security Feature Bypass Vulnerability