Microsoft Zero Day Vulnerability CVE-2023-23397 – March 2023

Microsoft recently announced a critical severity vulnerability of Microsoft Outlook.  This vulnerability targets Microsoft Outlook and allows NTLM credentials theft which could be used for privilege escalation attacks.  This vulnerability does not affect MacOS, iOS, or Outlook for Android. 

PMACS (DART) Supported Windows Computers 

Beginning at 5pm today, March 20th, 2023, PMACS (DART) will begin pushing out a patch that will automatically update your version of Office 365 to the latest supported version.  All Microsoft Office applications (Outlook, Word, PowerPoint, Excel, OneNote, Teams) will need to close before the patch can be installed; therefore, you will be prompted to close any open Office apps before proceeding.  To help  ensure this patch gets distributed promptly, please leave your Windows PC powered on and Office documents saved or closed ahead of time. 

Non-Supported PSOM and Personal Computers 

You will need to manually update your Office products.  If you are running a version of Microsoft Windows older than Office 2019, you will need to run “Windows Updates” to install the latest updates from Microsoft.  If you are using a Microsoft Office version 2019 or later, you will need to manually update your version of Office.  To do so, please open a Microsoft Office application.  Next, click on “File” and then choose “Office Account”.  Another window will open allowing you to click on “Office Updates/Update Options”.  After clicking “Upgrade Options”, a dropdown will appear. Select “Update Now”.  Office updates will then begin installing the latest version. 

If you have any questions, please contact your Local Support Provider or submit a ticket to the PMACS (DART) Helpdesk