In March 2023, Microsoft disclosed a critical Outlook vulnerability that required no user interaction, no malicious attachment click, and no macro execution — just the act of an email arriving in an inbox. CVE-2023-23397 is an elevation-of-privilege flaw in Microsoft Outlook for Windows that lets an attacker steal a user's Net-NTLMv2 hash by sending a specially crafted email or calendar invite. Outlook processes a hidden reminder property in the message, reaches out to an attacker-controlled server over SMB, and leaks authentication material before the victim ever opens the message. Microsoft and CERT-EU linked active exploitation of this bug to the Russian state-sponsored threat actor tracked as APT28 (Forest Blizzard, Fancy Bear, STRONTIUM), which used it against European government, military, energy, and transportation targets for nearly a year before a patch existed. It is one of the cleaner recent examples of a "zero-click" vulnerability that turns a mail client into a credential-harvesting beacon, and it remains a high-value target for opportunistic attackers scanning the internet for unpatched Exchange and Outlook deployments.
What the Vulnerability Actually Does
Outlook items — emails, tasks, and calendar appointments — support a reminder-sound property called PidLidReminderFileParameter, along with a companion flag (PidLidReminderOverride) that lets the sender specify a custom path to the sound file. Under normal use this stays local. CVE-2023-23397 abuses the fact that Outlook will accept a UNC path (e.g., \\attacker-controlled-ip\share\file.wav) in that field.
When Outlook processes the reminder — which happens automatically as part of calendar sync and message handling, often before the user has clicked anything — Windows attempts to authenticate to that remote SMB share using the current user's credentials. That authentication handshake is where the damage happens: the client sends an NTLM negotiation message containing the user's Net-NTLMv2 hash to the attacker's listener. The attacker doesn't need the plaintext password. They can:
- Relay the captured NTLM hash to another service (Exchange, AD FS, or any system that accepts NTLM authentication) to authenticate as the victim, often without ever cracking it, or
- Crack the hash offline to recover the plaintext password.
Because the trigger fires during background message processing, this qualifies as a zero-click vulnerability. No preview pane, no click, no attachment execution — just receipt and normal Outlook processing of the item is enough.
Affected Versions and Components
CVE-2023-23397 affects Microsoft Outlook for Windows specifically, across all currently supported versions at time of disclosure:
- Microsoft Outlook 2013 (SP1)
- Microsoft Outlook 2016
- Microsoft Outlook 2019
- Microsoft Outlook 2021
- Microsoft 365 Apps for Enterprise (32-bit and 64-bit)
Notably not affected: Outlook for Android, Outlook for iOS, Outlook for Mac, and Outlook on the web (OWA) — the vulnerability depends on Windows-specific handling of UNC paths and NTLM authentication, which these platforms don't share. That distinction matters for prioritization: any organization with a significant Windows-based Outlook desktop footprint (which is most enterprises) was exposed regardless of mail platform (Exchange Online, Exchange on-prem, or hybrid).
CVSS, EPSS, and KEV Status
- CVSS 3.1 Base Score: 9.8 (Critical) — the vector (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) reflects network-based access, low attack complexity, no privileges required, and no user interaction, with high impact to confidentiality, integrity, and availability.
- EPSS: In the weeks following disclosure, EPSS scoring placed this vulnerability in the highest percentile of predicted exploitation probability, consistent with active, confirmed in-the-wild use before and after patch release. Given the value of the credential-theft primitive and the ease of weaponization, exploitation attempts remained widespread well past the initial disclosure window.
- CISA KEV: Added to the CISA Known Exploited Vulnerabilities catalog on March 15/16, 2023, one day after Microsoft's patch, with a remediation deadline of April 4, 2023 for U.S. federal civilian agencies (BOD 22-01). Its KEV status alone should have been sufficient to trigger emergency patching cycles across any organization with a documented vulnerability management SLA tied to that catalog.
Timeline
- April 2022: Microsoft and CERT-EU later assessed that APT28 began exploiting this flaw in the wild — nearly a year before public disclosure — targeting European government, military, energy, and transportation-sector organizations.
- Throughout 2022: Continued targeted exploitation observed against European entities, largely undetected as a distinct vulnerability class at the time.
- December 2022: CERT-EU reported suspicious activity and shared indicators with Microsoft, kicking off the investigation that identified the root cause.
- March 14, 2023: Microsoft released the patch for CVE-2023-23397 as part of its March 2023 Patch Tuesday cycle, alongside a Microsoft Threat Intelligence Center (MSTIC) blog detailing APT28's exploitation.
- March 15–16, 2023: CISA added CVE-2023-23397 to the KEV catalog; Microsoft published a PowerShell script to help defenders audit mailboxes for indicators of compromise.
- Late March 2023: Public proof-of-concept exploit code appeared, and security researchers observed broad opportunistic scanning and exploitation attempts against unpatched systems well beyond the original nation-state target set.
- June 2023: Security researchers (MDSec) disclosed that the original patch could be bypassed by manipulating file path formatting, leading Microsoft to issue follow-up fixes tracked as CVE-2023-29324 and CVE-2023-35636 — a reminder that "patched" needs periodic re-verification against variant research.
Remediation Steps
- Apply the March 14, 2023 security update immediately, and follow up with the June 2023 patches addressing the CVE-2023-29324 / CVE-2023-35636 bypass variants. Treat this as a KEV-tier emergency change, not a routine patch-cycle item.
- Run Microsoft's CVE-2023-23397 detection script against on-premises and hybrid Exchange environments to audit mailbox items (emails, calendar invites, tasks) for the malicious
PidLidReminderFileParameter/PidLidReminderOverrideproperties, and remediate any flagged items. - Force password resets and revoke sessions for any account where indicators of compromise are found, and treat the underlying NTLM hash as compromised — assume potential lateral movement or relay activity occurred.
- Block outbound SMB (TCP 445) at the network perimeter to prevent NTLM authentication attempts from reaching attacker-controlled infrastructure outside the corporate network. This is a durable mitigation against this vulnerability class generally, not just this specific CVE.
- Disable NTLM where feasible, or enforce Extended Protection for Authentication (EPA) on Exchange Server and other services that currently accept NTLM, reducing the value of a stolen hash even if one is captured.
- Add high-privilege accounts to the Protected Users security group or otherwise restrict NTLM usage for administrative and service accounts, which are the highest-value relay targets.
- Monitor for anomalous outbound SMB/NTLM authentication attempts originating from mail-processing infrastructure, and alert on Outlook client connections to unfamiliar external IP ranges.
How Safeguard Helps
Safeguard is built to catch exactly this class of high-severity, actively-exploited vulnerability before it becomes an incident, and to help teams triage it correctly when it lands in a scan. Griffin AI continuously correlates new CVE and KEV data against your actual software inventory — including client applications like Outlook — so a critical disclosure like this surfaces immediately with the right context, rather than being buried in a generic severity list. Reachability analysis helps prioritize by confirming whether the vulnerable component is actually deployed and reachable in your environment, cutting through alert fatigue when a CVSS 9.8 headline hits every dashboard at once. SBOM generation and ingest give security and IT teams a live, queryable inventory of installed Office and Outlook versions across the fleet, so "which machines still need patching" becomes a query instead of a manual audit. And where remediation involves configuration or dependency changes across infrastructure-as-code and CI/CD pipelines, Safeguard's auto-fix PRs can push the fix directly into version control, shrinking the gap between disclosure and full remediation — the exact window nation-state actors and opportunistic scanners both exploit.