Sunday, March 26, 2023
Home New Release Microsoft vulnerability can strike before users open ‘malicious’ email: CSE centre

Microsoft vulnerability can strike before users open ‘malicious’ email: CSE centre

The Canadian Centre for Cyber Security is warning about a significant vulnerability impacting Microsoft email users that allows threat actors to steal victims’ identities.

The alert sent out Wednesday says the advisory from Microsoft was one of “several critical vulnerabilities” published by the company the day before.

“We are flagging this alert this evening due to the seriousness of the vulnerability,” a spokesperson for the Cyber Centre said in an email to Global News Wednesday.

The advisory in question, dubbed CVE-2023-23397 by Microsoft, disclosed a zero-day vulnerability found in an email crafted by threat actors that contains a malicious payload, the agency said.

Read more:

Why are there so many cyberattacks lately? An explainer on the rising trend

That payload will cause the victim’s Outlook email client to automatically connect to a universal naming convention agent controlled by the actor who will then receive the user’s password hash, which contains login credentials.

Story continues below advertisement

The Cyber Centre warns users can be exploited even prior to the malicious email being opened or previewed by the victim, adding it has confirmed successful instances of the vulnerability being used.

Microsoft users are being advised to install newly-pushed security patches immediately to protect themselves from the vulnerability.

New study shows students think educational institutions lack cyber security safeguards

The Cyber Centre’s warnings comes amid a rise in cybersecurity threats and attacks that have impacted Canadian businesses and institutions. Cyberattacks linked to foreign state actors, such as Russian attacks in response to Western support for Ukraine amid the current war with Moscow, are also increasing.

Notably, Microsoft’s cyber security research and analysis team warned on Wednesday that Russian hackers appear to be preparing a renewed wave of cyber attacks against Ukraine, including a “ransomware-style” threat to organizations serving Ukraine’s supply lines.


More on Science and Tech

&copy 2023 Global News, a division of Corus Entertainment Inc.

- Advertisment -

Most Popular

Sask. northern lights almost max category index: aurora expert

Saskatchewan residents grabbed their cameras and headed out after dark this week to catch a glimpse of the spectacular northern light show. Read more: ‘Land...

Xiaomi TV Stick 4K review

The Xiaomi TV Stick 4K is the company's latest entry-level 4K media streaming device. It's the usual sort of compact, dongle-like design that has...

GreyOrange Announces Partnership with Imperium Automation

GreyOrange Inc., a global leader in automated robotic fulfilment and inventory optimization software, today announces its partnership with Imperium Automation Ltd, a consultancy that...

‘Sense of community’ felt as Halifax hosts Canadian Pride Curling Championships

This weekend, Halifax is hosting the Canadian Pride Curling Championships — for the first time in 10 years. The city was supposed to host the...