Can ECOS detect malicious e-mails that exploit CVE-2023-23397?


Posted

As the title says… can ECOS detect and block e-mails that exploit CVE-2023-23397?

Posted (edited)
12 minutes ago, DM R said:

@itman any eset pov mitigation?

Only Eset can answer this.

I wouldn't "hold my breath" on an Eset solution since the security researcher who analyzed the attack can't figure out how it works:

Quote

After reviewing a script from Microsoft that checks Exchange messaging items for signs of exploitation using CVE-2023-23397, MDSec’s red team member Dominic Chell discovered how easily a threat actor could leverage the bug.

He found that the script could look for the “PidLidReminderFileParameter” property inside the received mail items and remove it when present.

Chell explains that this property lets the sender define the filename that the Outlook client should play when the message reminder is triggered.

The reason why this was possible remains a puzzle that the researcher could not spell out since the sender of an email should not be able to configure the sound for the new message alert on the receiver's system.

https://www.bleepingcomputer.com/news/security/critical-microsoft-outlook-bug-poc-shows-how-easy-it-is-to-exploit/

Edited by itman
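
The check the quoted article describes (look for PidLidReminderFileParameter on each mail item and remove it when present), sketched as an added example that is not part of this thread and is not Microsoft's script. The item dictionaries, the function names, and the triage of values into network location versus local file are assumptions of the example.

```python
# Added example: all data below is constructed, not taken from a real mailbox.
from dataclasses import dataclass

PROP = "PidLidReminderFileParameter"  # property named in the quoted article


@dataclass
class Finding:
    item_id: str
    value: str
    remote: bool  # True when the value names a network location


def is_remote_path(value: str) -> bool:
    """Assumption of this example: UNC-style or URL-style values point
    off-host; anything else is treated as a local sound file name."""
    normalized = value.strip().replace("/", "\\")
    return normalized.startswith("\\\\") or "://" in value


def audit(items):
    """Return (findings, cleaned_items). Each item is a dict with an 'id' and a
    'props' dict; this hypothetical shape stands in for real MAPI access."""
    findings, cleaned = [], []
    for item in items:
        props = dict(item.get("props", {}))  # copy, so the input is not mutated
        value = props.pop(PROP, None)        # remove the property when present
        if value is not None:
            findings.append(Finding(item["id"], str(value), is_remote_path(str(value))))
        cleaned.append({**item, "props": props})
    # Remote values first so they are reviewed before local sound files.
    findings.sort(key=lambda f: not f.remote)
    return findings, cleaned


SAMPLE_ITEMS = [  # constructed sample items
    {"id": "msg-001", "props": {"Subject": "Lunch"}},
    {"id": "msg-002", "props": {"Subject": "Reminder", PROP: "chimes.wav"}},
    {"id": "msg-003", "props": {"Subject": "Meeting",
                                PROP: r"\\files.example.invalid\share\a.wav"}},
]

if __name__ == "__main__":
    found, _ = audit(SAMPLE_ITEMS)
    for f in found:
        print(f.item_id, "REMOTE" if f.remote else "local", f.value)
```
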
Posted

Of course… I’m not saying you shouldn’t patch or mitigate by other means. I’m just very curious about ECOS playing their role in the game of multi-layer defense!

  • Administrators
Posted

We're investigating it, it's too early to tell if ECOS and mail server will be able to detect it.

  • Solution
Posted
9 hours ago, Marcos said:

We're investigating it, it's too early to tell if ECOS and mail server will be able to detect it.

Thank you Marcos,

greetings from Holland!
