CVE-2023-23397: Microsoft Office Outlook Privilege Escalation

Microsoft Office Outlook Privilege Escalation Vulnerability. Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.

• CISA KEV-listed (remediation due 2023-04-04)
• EPSS 93.4% (99.8% percentile)

Detection rules

• Outlook Task/Note Reminder Received low
• CVE-2023-23397 Exploitation Attempt critical
• Potential CVE-2023-23397 Exploitation Attempt - SMB medium
• Suspicious WebDav Client Execution Via Rundll32.EXE high

Related briefings

• Russia's APT28 hackers move to disposable malware and AI-driven tools 2026-06-11

Browse the CVE database

Read the full analysis on IntelFusions