CVE-2023-23397: Outlook NTLM Credential Theft

Q: Can Outlook leak credentials without opening email?

Yes, CVE-2023-23397 triggers NTLM credential theft upon email receipt in Outlook — no opening or previewing required. Exploited by Russian military intelligence.

CRITICAL

9.8CRITICAL

Published: 2023-03-14Affected: Microsoft Outlook for WindowsCWE-294 ↗

Can Outlook leak credentials without opening email?

A critical zero-click vulnerability where a specially crafted email triggers an NTLM authentication request to an attacker-controlled SMB server. The victim does not need to open or preview the email — receiving it is sufficient for exploitation.

Impact & Exploitation

Exploited by Russian military intelligence (GRU). No user interaction required. Email receipt alone triggers credential theft, enabling lateral movement and domain compromise.

How Precogs AI Detects Outlook NTLM Credential Theft

Precogs AI identifies NTLM relay attack vectors in Windows application binaries and detects configurations susceptible to automatic outbound SMB authentication.

Scan for CVE-2023-23397

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

CVE-2023-23397: Outlook NTLM Credential Theft

Can Outlook leak credentials without opening email?

Impact & Exploitation

How Precogs AI Detects Outlook NTLM Credential Theft

Precogs Research

Base Score

Tags

Quick Links

Is your system affected?

Can Outlook leak credentials without opening email?

Impact & Exploitation

How Precogs AI Detects Outlook NTLM Credential Theft

Related Resources

🔗 External References

Precogs Research

Base Score

Tags

Quick Links

Is your system affected?