March 16, 2023
CISA added a zero-day vulnerability affecting Microsoft Outlook that is actively exploited in the wild. Microsoft has released a patch for the vulnerability as part of their March 2023 Patch Tuesday.
This vulnerability in Microsoft Outlook allows an unauthenticated attacker to steal credentials (via code hash) by sending specially crafted email to their victims. The vulnerability triggers automatically when the specially crafted email is retrieved and processed by the Microsoft Outlook client.