Microsoft vulnerability can strike before users open ‘malicious’ email: CSE centre – National | Globalnews.ca

The Canadian Centre for Cyber Security is warning about a significant vulnerability impacting Microsoft email users that allows threat actors to steal victims’ identities.

The alert sent out Wednesday says the advisory from Microsoft was one of “several critical vulnerabilities” published by the company the day before.

“We are flagging this alert this evening due to the seriousness of the vulnerability,” a spokesperson for the Cyber Centre said in an email to Global News Wednesday.

The advisory in question, dubbed CVE-2023-23397 by Microsoft, disclosed a zero-day vulnerability found in an email crafted by threat actors that contains a malicious payload, the agency said.

Read more:

Why are there so many cyberattacks lately? An explainer on the rising trend

That payload will cause the victim’s Outlook email client to automatically connect to a universal naming convention agent controlled by the actor who will then receive the user’s password hash, which contains login credentials.

Story continues below advertisement

The Cyber Centre warns users can be exploited even prior to the malicious email being opened or previewed by the victim, adding it has confirmed successful instances of the vulnerability being used.

Microsoft users are being advised to install newly-pushed security patches immediately to protect themselves from the vulnerability.


Click to play video: 'New study shows students think educational institutions lack cyber security safeguards'


New study shows students think educational institutions lack cyber security safeguards


The Cyber Centre’s warnings comes amid a rise in cybersecurity threats and attacks that have impacted Canadian businesses and institutions. Cyberattacks linked to foreign state actors, such as Russian attacks in response to Western support for Ukraine amid the current war with Moscow, are also increasing.

Notably, Microsoft’s cyber security research and analysis team warned on Wednesday that Russian hackers appear to be preparing a renewed wave of cyber attacks against Ukraine, including a “ransomware-style” threat to organizations serving Ukraine’s supply lines.

&copy 2023 Global News, a division of Corus Entertainment Inc.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TheDailyCheck is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected] The content will be deleted within 24 hours.