Jump to content

Can ECOS detect malicious e-mails that exploit CVE-2023-23397?

Go to solution Solved by duijv023,

Recommended Posts

12 minutes ago, DM R said:

@itman any eset pov mitigation?

Only Eset can answer this.

I wouldn't "hold my breath" on an Eset solution since the security researcher who analyzed the attack can't figure out how it works:


After reviewing a script from Microsoft that checks Exchange messaging items for signs of exploitation using CVE-2023-23397, MDSec’s red team member Dominic Chell discovered how easily a threat actor could leverage the bug.

He found that the script could look for the “PidLidReminderFileParameter” property inside the received mail items and remove it when present.

Chell explains that this property lets the sender define the filename that the Outlook client should play when the message reminder is triggered.

The reason why this was possible remains a puzzle that the researcher could not spell out since the sender of an email should not be able to configure the sound for the new message alert on the receiver's system.


Edited by itman
Link to comment
Share on other sites

Of course… I’m not saying you shouldn’t patch nor mitigate in other means. I’m just very curious about ECOS playing their role in the game of multi layer defense!

Link to comment
Share on other sites

  • Solution
9 hours ago, Marcos said:

We're investigating it, it's too early to tell if ECOS and mail server will be able to detect it.

Thank you Marcos,

greetings from Holland!

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...