This month there has been a lot of coverage on a few Microsoft product vulnerabilities. Most notable and understandable, the Outlook vulnerability (CVE-2023-23397) has received the greatest attention. However, there has also been some discussion about a privacy flaw in its Windows 11 Snipping Tool and a notification that they will be throttling and blocking email from persistently vulnerable Exchange Servers. Members are encouraged to address all patches/updates accordingly. Likewise, if your utility is running out-of-date (unpatched and unsupported) on-prem Exchange Servers, particular attention should be given to addressing that.
Outlook: The March security updates included a patch for this previously identified zero-day vulnerability that researchers state has been exploited since April 2022. CVE-2023-23397 is a vulnerability of great concern as it allows for privilege escalation without any user interaction of this extremely widely used platform. Microsoft has distributed a patch, but they are also providing guidance to assist customers in detecting for exploitation.
Windows 11 Snipping Tool: The Windows Snipping Tool is reported to have a severe privacy flaw (dubbed 'acropalypse') which allows for the partial recovery of the original photo which could reveal redacted or cropped content. Microsoft has released an out-of-band update to fix the flaw.
Exchange On-Premise: As Microsoft continues enhancing the security of their cloud, they are going to address the problem of email sent to Exchange Online from unsupported and unpatched Exchange servers. If you are still running outdated on-prem Exchange, it’s extremely important that take a look at this: Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online. According to the post, Microsoft is taking a progressive enforcement approach which gradually increases throttling over time, and then introduces blocking in gradually increasing stages culminating in blocking 100% of all non-compliant traffic. Enforcement actions will escalate over time until the server is remediated: either removed from service (for versions beyond end of life) or updated (for supported versions with available updates).