Microsoft Outlook Elevation of Privilege Vulnerability
Published: 2023-03-14
Microsoft addresses 76 CVEs including two zero-days exploited in the wild, one of which was publicly disclosed.
https://www.infosecurity-magazine.com/news/western-logistics-tech-firms/
https://www.theregister.com/2025/05/21/russias_fancy_bear_alert/
https://www.securityweek.com/cisa-says-russian-hackers-targeting-western-supply-lines-to-ukraine/
https://www.databreachtoday.com/russian-intelligence-hackers-stalk-western-logistics-firms-a-28449
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141a
https://thehackernews.com/2025/05/russian-hackers-exploit-email-and-vpn.html
https://cyberscoop.com/russian-apt28-cyberattacks-target-western-logistics-ukraine/
https://www.welivesecurity.com/en/eset-research/operation-roundpress/
https://www.darkreading.com/cyberattacks-data-breaches/multiple-group-exploiting-ntlm-flaw
https://www.theregister.com/2025/02/25/new_ics_malware_dragos/
https://hackread.com/microsoft-badpilot-campaign-seashell-blizzard-usa-uk/
https://www.theregister.com/2025/02/12/russias_sandworm_caught_stealing_credentials/
https://therecord.media/sandworm-subgroup-russia-europe
https://thehackernews.com/2025/02/microsoft-uncovers-sandworm-subgroups.html
https://www.darkreading.com/application-security/microsoft-ntlm-zero-day-remain-unpatched-april
https://securelist.com/exploits-and-vulnerabilities-q3-2024/114839/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a
https://thehackernews.com/2024/05/microsoft-outlook-flaw-exploited-by.html
https://securityintelligence.com/x-force/itg05-leverages-malware-arsenal/
https://thehackernews.com/2024/02/cybersecurity-agencies-warn-ubiquiti.html?&web_view=true
https://thehackernews.com/2023/12/beware-experts-reveal-new-details-on.html
https://thehackernews.com/2023/12/russian-apt28-hackers-targeting-13.html?&web_view=true
https://securityaffairs.com/155420/apt/apt8-exploited-outlook-0day-target-nato.html
https://unit42.paloaltonetworks.com/russian-apt-fighting-ursa-exploits-cve-2023-233397/
https://meterpreter.org/proofpoint-uncovers-ta422-apt28s-dedicated-phishing-exploitation-loop/
https://therecord.media/unpatched-microsoft-outlook-email-attacks-fancy-bear
https://thehackernews.com/2023/03/from-ransomware-to-cyber-espionage-55.html
https://www.mandiant.com/resources/blog/zero-days-exploited-2022
Published: 2023-03-14
Updated: 2025-03-13
Known Exploited Vulnerability (KEV)
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
EPSS: 0.93609
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability of Interest