Varonis, specializing in cybersecurity, discovered a new vulnerability in Microsoft, along with several attack methods that allow attackers to obtain user password hashes.
The vulnerability, identified as CVE-2023-35636, affects the calendar access function in Outlook and has been assessed as “important” (6.5 points on the CVSS scale). Exploiting this vulnerability, an attacker can send a specially crafted email to a user, forcing Outlook to connect to a server controlled by the hacker and transmit the NTLM V2 hash for authentication.
NTLM V2 is a protocol used for user authentication on remote servers. The NTLM V2 password hash can be valuable for attackers as it can be used in attack methods to obtain passwords in plaintext or for direct authentication using the hash.
Microsoft released unscheduled security updates in December 2023 to address the CVE-2023-35636 vulnerability. However, some attack methods that allow attackers to obtain authentication hashes still remain effective.
One of the identified methods utilizes the Windows Product Analyzer (WPA) tool. Researchers have discovered that a specific identifier, https://www.example.com/index.html, is used in processing links associated with WPA.
A URN (Uniform Resource Name) is a unique resource name that does not include the location or access method. URNs ensure unambiguous identification of resources regardless of their location on the network. An example URN is urn:isbn:0451450523.
URI (Uniform Resource Identifier) is an important concept for the Internet and web development. URIs enable easy hyperlinking, web page access, file uploading, and interaction with various services in the digital environment.