Microsoft Fixes Outlook Zero-day Used by Russian Attackers Since April 2022

Microsoft urges customers to patch immediately against CVE-2023-23397. As temporary mitigations until the update is deployed, it recommends adding privileged accounts to the Protected Users group in Active Directory (which disables NTLM authentication for those accounts, so a leaked Net-NTLMv2 response cannot be relayed) and blocking outbound SMB (TCP port 445) at the perimeter and host firewall, which stops the Outlook client from connecting to an attacker-controlled share in the first place. Redmond also released a dedicated PowerShell script to help admins check whether any users in their Exchange environment have been targeted through this Outlook vulnerability. It “checks Exchange messaging items (mail, calendar and tasks) to see whether a property is populated with a UNC path,” Microsoft says; the property in question is PidLidReminderFileParameter, the reminder sound file that the exploit points at a remote share. “If required, admins can use this script to clean up the property for items that are malicious or even delete the items permanently.” When run in Cleanup mode, the script modifies or deletes the flagged messages on the audited Exchange Server instead of only reporting them.
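The two interim mitigations and a simple version of the property check, as an added PowerShell example that is not Microsoft's script or code from the article. It assumes a domain-joined admin host with the NetSecurity and ActiveDirectory modules; the account names, firewall rule name, and the property values it scans are constructed for illustration, and the real audit still needs Microsoft's script run against the mailboxes.

```powershell
# Added example for CVE-2023-23397 mitigations (not Microsoft's CVE-2023-23397 script).
# Assumes: Windows host with the NetSecurity module; Active Directory module and
# rights to edit group membership for the Protected Users step.

# 1. Block outbound SMB on the host firewall. The exploit makes Outlook open a
#    \\host\share path, so denying TCP 445 egress stops the NTLM handshake.
function Block-OutboundSmb {
    $name = 'CVE-2023-23397 block outbound SMB'   # constructed rule name
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Outbound -Protocol TCP `
            -RemotePort 445 -Action Block -Profile Any | Out-Null
    }
}

# 2. Put high-value accounts in Protected Users. Members of that group cannot
#    authenticate with NTLM, so a captured Net-NTLMv2 response is useless for relay.
function Add-ToProtectedUsers {
    param([string[]]$SamAccountNames)
    foreach ($sam in $SamAccountNames) {
        Add-ADGroupMember -Identity 'Protected Users' -Members $sam -ErrorAction Stop
    }
}

# 3. Heuristic for the abused property (PidLidReminderFileParameter). A benign
#    value is a local file; a UNC path (\\host\share\...) or a WebDAV-style path
#    (\\host@80\...) pointing off-box is what the attackers set.
function Test-UncReminderPath {
    param([AllowNull()][string]$Value)
    if ([string]::IsNullOrWhiteSpace($Value)) { return $false }
    return $Value -match '^\\\\[^\\@]+(@\d+)?\\'
}

# Constructed sample property values; these are not observed indicators.
$samples = @(
    'C:\Windows\Media\Alarm01.wav',
    '\\192.0.2.10\share\alert.wav',
    '\\example.test@80\dav\alert.wav',
    ''
)
foreach ($s in $samples) {
    '{0,-36} suspicious={1}' -f $s, (Test-UncReminderPath $s)
}

# Apply the mitigations only when explicitly requested; the account list is a
# placeholder and must be replaced with the real privileged accounts.
$ApplyMitigations = $false
if ($ApplyMitigations) {
    Block-OutboundSmb
    Add-ToProtectedUsers -SamAccountNames @('da-admin', 'exchange-admin')
}
```

Only the second and third sample values are reported as suspicious. The regex deliberately accepts the `host@port` form so that a share reached over WebDAV is flagged too, and it runs on any string, so it can be pointed at exported item properties from a mailbox search without touching the mailbox itself. Note that Protected Users also tightens Kerberos (no DES/RC4, no delegation, short TGT lifetime), so test service accounts before adding them.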

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-zero-day-used-by-russian-hackers-since-april-2022/