March 16 Update below. This post was originally published on March 15
Microsoft has confirmed that a critical Outlook vulnerability, rated at 9.8 out of a maximum 10, is known to have already been exploited in the wild. If you think that sounds bad, it get’s worse: the exploit is triggered upon receipt of a malicious email, and so is executed before that email is read in the preview pane. That’s right; this is a no-user-interaction required exploit. Here’s what we know about the new Microsoft Outlook zero-day.
What is CVE-2023-23397, the critical Microsoft Outlook zero-day vulnerability?
CVE-2023-23397 is a Microsoft Outlook elevation of privilege vulnerability that, according to the Microsoft Security Resource Center (MSRC), has already been used by a “Russia-based threat actor” in targeted attacks against government, transport, energy, and military sectors in Europe. Indeed, the Ukrainian Computer Emergency Response Team (CERT) is credited as reporting the zero-day to Microsoft.
Full technical details are, as yet, fairly thin on the ground. However, an MSRC posting says that the critical Microsoft Outlook vulnerability is “triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB (TCP 445) share on a threat actor-controlled server. No interaction is required.” The posting continues to explain that the connection to a remote SMB (server message block) server sends the user new technology LAN manager (NTLM) negotiation message which is then relayed for authentication against supporting systems. “Online services such as Microsoft 365 do not support NTLM authentication,” the MSRC posting confirms, so are not vulnerable to this exploit.
All currently supported versions of Outlook for Windows are impacted, but not Outlook for the web or those running on Android, iOS, or Mac.
March 16 Update:
Google-owned threat intelligence company, Mandiant, says that it believes the CVE-2023-23397 Microsoft Outlook zero-day vulnerability has been exploited for nearly a year in order to target both organizations and critical infrastructure.
Russian ‘Fancy Bear’ state-sponsored threat actors have been exploiting CVE-2023-23397
In an email statement, Mandiant says it created ‘UNC4697’ to track the early exploitation of CVE-2023-23397, publicly attributed to the Russian military intelligence (GRU) connected threat actor, APT28, which is better known as Fancy Bear. It claims that the vulnerability has been exploited since April 2022 against government, defense, logistics, transportation, and energy targets based in Poland, Romania, Turkey, and Ukraine. These targets could, Mandiant says, facilitate strategic intelligence collection and disruptive or destructive attacks aimed both win=thin and outside of Ukraine.
“This is more evidence that aggressive, disruptive, and destructive cyberattacks may not remain constrained to Ukraine and a reminder that we cannot see everything,” John Hultquist, head of Mandiant Intelligence Analysis at Google Cloud, said. “These are spies, and they have a long track record of successfully evading our notice. This will be a propagation event. This is an excellent tool for nation-state actors and criminals alike who will be on a bonanza in the short term. The race has already begun.”
Multiple proofs-of-concept now widely available
Furthermore, Mandiant says that multiple proofs-of-concept are now widely available. Given that this is a no-user-interaction exploit, the potential for harm is high. Indeed, Mandiant says that it “anticipates broad, rapid adoption of the CVE-2023-23397 exploit by multiple nation-state and financially motivated actors, including both criminal and cyber espionage actors.”
Pass the Hash attack
In order to exploit CVE-2023-23397, which Mandiant says is ‘trivial’ to execute, an attacker needs to send a malicious email with an “extended MAPI property that contains a UNC path to SMB (TCP 445) share on an attacker-controlled server.” This kicks off what is known as a ‘Pass the Hash’ attack, but in this case, is triggered upon receipt of the email by an unpatched Outlook client, without the target even viewing it.
What do you need to do now?
The good news is that the warning concerning CVE-2023-23397 coincides with the release of the latest Patch Tuesday round of security updates for Microsoft users. Applying the relevant patch is therefore recommended. That said, if your organization is unable to apply these security updates immediately, then Microsoft has published some workaround mitigations. Adding users to the Protected Users Security Group will prevent the use of NTLM for authentication, but Microsoft warns that this could “cause impact to applications that require NTLM.” Alternatively, you can block outbound TCP 445/SMB using a firewall or through VPN settings.
What is the security industry saying about the Microsoft Outlook zero-day?
“Administrators should patch within the day if possible since the vulnerability is relatively simple to exploit, doesn’t require user interaction, and is already being exploited in the wild,” Peter Pflaster, a technical product manager at Automox, said. “Microsoft has shared two temporary mitigations if you’re unable to patch immediately, both of which will impact NTLM and applications that use it, so proceed with caution.”
“Given the network attack vector, the ubiquity of SMB shares, and the lack of user interaction required, an attacker with a suitable existing foothold on a network may well consider this vulnerability a prime candidate for lateral movement,” Adam Barnett, lead software engineer at Rapid7, said.
“A threat actor is currently exploiting this vulnerability to deliver malicious MSI (Microsoft Installer) files,” Bharat Jogi, director of vulnerability and threat research at Qualys, said.
“The attack can be executed without any user interaction by sending a specially crafted email which triggers automatically when retrieved by the email server,” Mike Walters, VP of Vulnerability and Threat Research at Action1, said. “This can lead to exploitation before the email is even viewed in the Preview Pane. If exploited successfully, an attacker can access a user’s Net-NTLMv2 hash, which can be used to execute a pass-the-hash attack on another service and authenticate as the user. The best course of action is to install the Microsoft update on all systems after testing it in a controlled environment.”
CHICAGO (AP) — United Airlines has struck a deal with Elon Musk’s SpaceX to offer satellite-based Starlink WiFi service on flights within the next several years.
The airline said Friday the service will be free to passengers.
United said it will begin testing the service early next year and begin offering it on some flights by later in 2025.
Financial details of the deal were not disclosed.
The announcement comes as airlines rush to offer more amenities as a way to stand out when passengers pick a carrier for a trip. United’s goal is to make sitting on a plane pretty much like being on the ground when it comes to browsing the internet, streaming entertainment and playing games.
“Everything you can do on the ground, you’ll soon be able to do on board a United plane at 35,000 feet, just about anywhere in the world,” CEO Scott Kirby said in announcing the deal.
The airline says Starlink will allow passengers to get internet access even over oceans and polar regions where traditional cell or Wi-Fi signals may be weak or missing.
Sony has made it easy for Canadian consumers to preorder the PlayStation 5 Pro in Canada directly from PlayStation’s official website. Here’s how:
Visit the Official Website: Go to direct.playstation.com and navigate to the PS5 Pro section once preorders go live on September 26, 2024.
Create or Log in to Your PlayStation Account: If you don’t have a PlayStation account, you will need to create one. Existing users can simply log in to proceed.
Place Your Preorder: Once logged in, follow the instructions to preorder your PS5 Pro. Ensure you have a valid payment method ready and double-check your shipping information for accuracy.
Preorder Through Major Canadian Retailers
While preordering directly from PlayStation is a popular option, you can also secure your PS5 Pro through trusted Canadian retailers. These retailers are expected to offer preorders on or after September 26:
Best Buy Canada
Walmart Canada
EB Games (GameStop)
Amazon Canada
The Source
Steps to Preorder via Canadian Retailers:
Visit Retailer Websites: Search for “PlayStation 5 Pro” on the website of your preferred retailer starting on September 26.
Create or Log in to Your Account: If you’re shopping online, having an account with the retailer can speed up the preorder process.
Preorder in Store: For those who prefer in-person shopping, check with local stores regarding availability and preorder policies.
3. Sign Up for Notifications
Many retailers and websites offer the option to sign up for notifications when the preorder goes live. If you’re worried about missing out due to high demand, this can be a useful option.
Visit Retailer Sites: Look for a “Notify Me” or “Email Alerts” option and enter your email to stay informed.
Use PlayStation Alerts: Sign up for notifications directly through Sony to be one of the first to know when preorders are available.
4. Prepare for High Demand
Preordering the PS5 Pro is expected to be competitive, with high demand likely to result in quick sellouts, just as with the initial release of the original PS5. To maximize your chances of securing a preorder:
Act Quickly: Be prepared to place your order as soon as preorders open. Timing is key, as stock can run out within minutes.
Double-Check Payment Information: Ensure your credit card or payment method is ready to go. Any delays during the checkout process could result in losing your spot.
Stay Informed: Monitor PlayStation and retailer websites for updates on restocks or additional preorder windows.
Final Thoughts
The PlayStation 5 Pro is set to take gaming to the next level with its enhanced performance, graphics, and new features. Canadian gamers should be ready to act fast when preorders open on September 26, 2024, to secure their console ahead of the holiday season. Whether you choose to preorder through PlayStation’s official website or your preferred retailer, following the steps outlined above will help ensure a smooth and successful preorder experience.
For more details on the PS5 Pro and to preorder, visit direct.playstation.com or stay tuned to updates from major Canadian retailers.
Since the PlayStation 5 (PS5) launched four years ago, PlayStation has continuously evolved to meet the demands of its players. Today, we are excited to announce the next step in this journey: the PlayStation 5 Pro. Designed for the most dedicated players and game creators, the PS5 Pro brings groundbreaking advancements in gaming hardware, raising the bar for what’s possible.
Key Features of the PS5 Pro
The PS5 Pro comes equipped with several key performance enhancements, addressing the requests of gamers for smoother, higher-quality graphics at a consistent 60 frames per second (FPS). The console’s standout features include:
Upgraded GPU: The PS5 Pro’s GPU boasts 67% more Compute Units than the current PS5, combined with 28% faster memory. This allows for up to 45% faster rendering speeds, ensuring a smoother gaming experience.
Advanced Ray Tracing: Ray tracing capabilities have been significantly enhanced, with reflections and refractions of light being processed at double or triple the speed of the current PS5, creating more dynamic visuals.
AI-Driven Upscaling: Introducing PlayStation Spectral Super Resolution, an AI-based upscaling technology that adds extraordinary detail to images, resulting in sharper image clarity.
Backward Compatibility & Game Boost: More than 8,500 PS4 games playable on PS5 Pro will benefit from PS5 Pro Game Boost, stabilizing or enhancing performance. PS4 games will also see improved resolution on select titles.
VRR & 8K Support: The PS5 Pro supports Variable Refresh Rate (VRR) and 8K gaming for the ultimate visual experience, while also launching with the latest wireless technology, Wi-Fi 7, in supported regions.
Optimized Games & Patches
Game creators have quickly embraced the new technology that comes with the PS5 Pro. Many games will receive free updates to take full advantage of the console’s new features, labeled as PS5 Pro Enhanced. Some of the highly anticipated titles include:
Alan Wake 2
Assassin’s Creed: Shadows
Demon’s Souls
Dragon’s Dogma 2
Final Fantasy 7 Rebirth
Gran Turismo 7
Marvel’s Spider-Man 2
Ratchet & Clank: Rift Apart
Horizon Forbidden West
These updates will allow players to experience their favorite games at a higher fidelity, taking full advantage of the console’s improved graphics and performance.
Design & Compatibility
Maintaining consistency within the PS5 family, the PS5 Pro retains the same height and width as the original PS5 model. Players will also have the option to add an Ultra HD Blu-ray Disc Drive or swap console covers when available.
Additionally, the PS5 Pro is fully compatible with all existing PS5 accessories, including the PlayStation VR2, DualSense Edge, Pulse Elite, and Access controller. This ensures seamless integration into your current gaming setup.
Pricing & Availability
The PS5 Pro will be available starting November 7, 2024, at a manufacturer’s suggested retail price (MSRP) of:
$699.99 USD
$949.99 CAD
£699.99 GBP
€799.99 EUR
¥119,980 JPY
Each PS5 Pro comes with a 2TB SSD, a DualSense wireless controller, and a copy of Astro’s Playroom pre-installed. Pre-orders begin on September 26, 2024, and the console will be available at participating retailers and directly from PlayStation via direct.playstation.com.
The launch of the PS5 Pro marks a new chapter in PlayStation’s commitment to delivering cutting-edge gaming experiences. Whether players choose the standard PS5 or the PS5 Pro, PlayStation aims to provide the best possible gaming experience for everyone.
Preorder your PS5 Pro and step into the next generation of gaming this holiday season.
