duijv023 0 Posted March 16, 2023 Share Posted March 16, 2023 As the title says… can ECOS detect and block e-mails that exploit CVE-2023-23397? Link to comment Share on other sites More sharing options...
itman 1,662 Posted March 16, 2023 Share Posted March 16, 2023 Patch your devices ASAP! Microsoft included a mitigation for this in the March, 2023 security updates. Otherwise, follow additional mitigations Microsoft has listed here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397?ref=cisco-talos-blog . Link to comment Share on other sites More sharing options...
DM R 0 Posted March 16, 2023 Share Posted March 16, 2023 @itman any eset pov mitigation? Link to comment Share on other sites More sharing options...
itman 1,662 Posted March 16, 2023 Share Posted March 16, 2023 (edited) 12 minutes ago, DM R said: @itman any eset pov mitigation? Only Eset can answer this. I wouldn't "hold my breath" on an Eset solution since the security researcher who analyzed the attack can't figure out how it works: Quote After reviewing a script from Microsoft that checks Exchange messaging items for signs of exploitation using CVE-2023-23397, MDSec’s red team member Dominic Chell discovered how easily a threat actor could leverage the bug. He found that the script could look for the “PidLidReminderFileParameter” property inside the received mail items and remove it when present. Chell explains that this property lets the sender define the filename that the Outlook client should play when the message reminder is triggered. The reason why this was possible remains a puzzle that the researcher could not spell out since the sender of an email should not be able to configure the sound for the new message alert on the receiver's system. https://www.bleepingcomputer.com/news/security/critical-microsoft-outlook-bug-poc-shows-how-easy-it-is-to-exploit/ Edited March 16, 2023 by itman Link to comment Share on other sites More sharing options...
duijv023 0 Posted March 16, 2023 Author Share Posted March 16, 2023 Of course… I’m not saying you shouldn’t patch nor mitigate in other means. I’m just very curious about ECOS playing their role in the game of multi layer defense! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,082 Posted March 17, 2023 Administrators Share Posted March 17, 2023 We're investigating it, it's too early to tell if ECOS and mail server will be able to detect it. Link to comment Share on other sites More sharing options...
Solution duijv023 0 Posted March 17, 2023 Author Solution Share Posted March 17, 2023 9 hours ago, Marcos said: We're investigating it, it's too early to tell if ECOS and mail server will be able to detect it. Thank you Marcos, greetings from Holland! Link to comment Share on other sites More sharing options...
Recommended Posts