duijv023 0 Posted March 16, 2023 Posted March 16, 2023 As the title says… can ECOS detect and block e-mails that exploit CVE-2023-23397?
itman 1,921 Posted March 16, 2023 Posted March 16, 2023 Patch your devices ASAP! Microsoft included a mitigation for this in the March, 2023 security updates. Otherwise, follow additional mitigations Microsoft has listed here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397?ref=cisco-talos-blog .
itman 1,921 Posted March 16, 2023 Posted March 16, 2023 (edited) 12 minutes ago, DM R said: @itman any eset pov mitigation? Only Eset can answer this. I wouldn't "hold my breath" on an Eset solution since the security researcher who analyzed the attack can't figure out how it works: Quote After reviewing a script from Microsoft that checks Exchange messaging items for signs of exploitation using CVE-2023-23397, MDSec’s red team member Dominic Chell discovered how easily a threat actor could leverage the bug. He found that the script could look for the “PidLidReminderFileParameter” property inside the received mail items and remove it when present. Chell explains that this property lets the sender define the filename that the Outlook client should play when the message reminder is triggered. The reason why this was possible remains a puzzle that the researcher could not spell out since the sender of an email should not be able to configure the sound for the new message alert on the receiver's system. https://www.bleepingcomputer.com/news/security/critical-microsoft-outlook-bug-poc-shows-how-easy-it-is-to-exploit/ Edited March 16, 2023 by itman
duijv023 0 Posted March 16, 2023 Author Posted March 16, 2023 Of course… I’m not saying you shouldn’t patch nor mitigate in other means. I’m just very curious about ECOS playing their role in the game of multi layer defense!
Administrators Marcos 5,733 Posted March 17, 2023 Administrators Posted March 17, 2023 We're investigating it, it's too early to tell if ECOS and mail server will be able to detect it.
Solution duijv023 0 Posted March 17, 2023 Author Solution Posted March 17, 2023 9 hours ago, Marcos said: We're investigating it, it's too early to tell if ECOS and mail server will be able to detect it. Thank you Marcos, greetings from Holland!
Recommended Posts