Is SMG vulnerable to CVE-2023-23397?


Article ID: 262279


Updated On:


Messaging Gateway, Messaging Gateway for Service Providers, Messaging Gateway Hardware


There is some concern that Messaging Gateway (SMG) may be vulnerable to CVE-2023-23397 announced in the Microsoft Monthly Security Update (March 2023).


CVE-2023-23397 does not affect Messaging Gateway, because SMG does not use any Microsoft products, including Outlook and/or NTLM.

Additional Information

The first zero-day vulnerability fixed is CVE-2023-23397, an elevation of privilege flaw in Outlook that allows specially crafted emails to force a target's device to connect to a remote URL and transmit the Windows account's Net-NTLMv2 hash.

“External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers' control. This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim,” Microsoft explained in its advisory.

Microsoft also says that the vulnerability was exploited by the state-sponsored Russian hacking group Swallowtail (aka Strontium, APT28, Fancy Bear).
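A defender-side check for the condition Microsoft describes, a message value that points at an external UNC location, is sketched below as an added example; it is not part of the original article and not SMG code. It classifies strings already extracted from a message, and the internal DNS suffix, the internal network ranges, the treatment of single-label names as local, and the sample paths are all constructed assumptions.

```python
import ipaddress
import re

# Assumptions (constructed): what this organisation treats as internal.
INTERNAL_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# \\host\share, optionally behind the \\?\UNC\ long-path prefix.
_UNC = re.compile(r"^(?:\\\\\?\\UNC\\|\\\\)([^\\]+)\\[^\\]+", re.IGNORECASE)

# Constructed sample values, standing in for strings extracted from messages.
SAMPLES = [
    r"C:\Windows\Media\chime.wav",
    r"\\FILESRV01\sounds\chime.wav",
    r"\\files.corp.example\media\chime.wav",
    r"\\203.0.113.5\share\a.wav",
    r"\\updates.example.net@SSL@443\dav\a.wav",
]


def unc_host(value):
    """Return the lower-cased server part of a UNC path, or None if not UNC."""
    m = _UNC.match(value.strip().replace("/", "\\"))
    if not m or m.group(1) in ("?", "."):   # \\?\C:\... and \\.\pipe\... are local
        return None
    # Drop the WebDAV-style suffix in forms such as host@SSL@443.
    return m.group(1).split("@", 1)[0].lower()


def is_external(host):
    """True for an address outside INTERNAL_NETS or a name outside INTERNAL_SUFFIXES."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        if "." not in host:                 # assumption: single-label names are local
            return False
        return not host.endswith(INTERNAL_SUFFIXES)
    return not any(addr in net for net in INTERNAL_NETS)


def external_unc_paths(values):
    """Return the values that are UNC paths pointing at an external host."""
    hosts = ((v, unc_host(v)) for v in values)
    return [v for v, h in hosts if h is not None and is_external(h)]
```

Calling `external_unc_paths(SAMPLES)` returns the last two sample paths, the ones whose server part is neither an internal address nor an internal name.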