Lingolol

0 posts0 participants0 posts today

Taggart: ~# :idle:I'm once again asking if _anyone_ has seen the PoCs for <a href="https://fosstodon.org/tags/CVE202323397" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE202323397</a> actually work against remote targets. MDSec demo: local attack Hammond's demo: local attack My own testing: local attackWith both flavors of PoC right now, I can only get this thing to trigger on my own machine, but not recipients. The invite is received, but the SMB server is not contacted by the target. I'm wondering if we're missing something here.<a href="https://fosstodon.org/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://fosstodon.org/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://fosstodon.org/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a>

Joe Słowik<a href="https://infosec.exchange/tags/CVE202323397" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE202323397</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a>

Frehi<a href="https://fosstodon.org/tags/twinclams" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#twinclams</a> now has detection support for <a href="https://fosstodon.org/tags/CVE202323397" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE202323397</a> exploits. Add it to your <a href="https://fosstodon.org/tags/clamav" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#clamav</a> installation with <a href="https://fosstodon.org/tags/fangfrisch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fangfrisch</a>.<a href="https://github.com/twinwave-security/twinclams/commit/de7534849fada879eb613c57db0f421c93f9ed7f" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/twinwave-security/twinclams/commit/de7534849fada879eb613c57db0f421c93f9ed7f</a><a href="https://blog.frehi.be/2021/01/25/using-fangfrisch-to-improve-malware-e-mail-detection-with-clamav/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.frehi.be/2021/01/25/using-fangfrisch-to-improve-malware-e-mail-detection-with-clamav/</a>

Kevin BeaumontYou definitely want to update Microsoft Office. MDSec beat me to it on CVE-2023-23397, it's supppper easy to exploit + works with remote images disabled - turns out the spec (which is open) has a function to specify a sound when an Outlook email arrives - which loads via UNC and sends NTML password hash for AD account to internet = no click cred theft, PoC in wild. <a href="https://cyberplace.social/tags/CVE202323397" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE202323397</a> <a href="https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/" rel="nofollow noopener noreferrer" target="_blank">https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/</a>

Recent searches

Search options

Administered by:

Server stats:

#cve202323397