
Microsoft Outlook Elevation of Privilege Vulnerability (CVSS 9.8)

1 point by jenoer about 2 years ago

1 comment

jenoer about 2 years ago

This is a pretty big one (9.8).

> The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.

> External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers' control. This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim.

Microsoft has released a script to check for abuse: https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/
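An added example, not part of the thread and not Microsoft's script: a defender-side triage helper that takes path strings already exported from mailbox items and flags the ones whose UNC host lies outside the organisation, which is the "external UNC location" condition quoted above. The internal networks, the `corp.example.com` suffix, the function names and the sample values are all assumptions made for illustration.

```python
import ipaddress

# Assumed internal address space and DNS suffix; adjust per environment.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
INTERNAL_SUFFIXES = (".corp.example.com",)  # hypothetical internal domain


def unc_host(value):
    """Return the lowercased host of a UNC path, or None if value is not UNC."""
    v = value.strip().replace("/", "\\")
    if not v.startswith("\\\\"):
        return None
    # Windows also accepts \\host@SSL@443\share and \\host@80\share (WebDAV),
    # so everything from the first "@" on is dropped before comparing.
    host = v[2:].split("\\", 1)[0].split("@", 1)[0].rstrip(".").lower()
    return host or None


def is_external(host):
    """True when the host falls outside the assumed internal space."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Assumption: dotless (single-label) names are internal hosts.
        if "." not in host:
            return False
        return not host.endswith(INTERNAL_SUFFIXES)
    return not any(ip in net for net in INTERNAL_NETS)


def flag_external_unc(values):
    """Return (value, host) pairs whose UNC host is external."""
    pairs = [(v, unc_host(v)) for v in values]
    return [(v, h) for v, h in pairs if h and is_external(h)]


# Constructed sample values standing in for strings exported from mail items.
SAMPLES = [
    r"\\fs01\media\a.dat",
    r"\\fs01.corp.example.com\share\a.dat",
    r"\\10.2.3.4\share\a.dat",
    r"\\203.0.113.7\x\a.dat",
    r"\\files.example.net@SSL@443\x\a.dat",
    r"C:\Windows\Media\chimes.wav",
]

if __name__ == "__main__":
    for value, host in flag_external_unc(SAMPLES):
        print(f"external UNC target {host}: {value}")
```

The explicit network list is used instead of `ipaddress`'s `is_private`, which also treats documentation ranges such as 203.0.113.0/24 as private.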