Outlook: Calendar entry can steal password
There is a new vulnerability in Outlook and three ways to access NTLM v2 hashed passwords. Access can be done through the calendar function and double headers via calendar entry. Experts have discovered the vulnerability and are warning about it. Varonis Threat Labs discovered the new Outlook vulnerability (CVE-2023-35636) and three new ways to exploit it. This allows you to access the NTLM v2 hash passwords from Outlook, Windows Performance Analyzer (WPA) and Windows File Explorer. With access to these passwords, attackers can attempt an offline brute force attack or an authentication relay attack to compromise an account and gain access. Unpatched…