top of page

The recent Microsoft Outlook zero day exposes big risks - even if patched.

Writer's picture: Paul Gibbons Paul Gibbons



The recent Microsoft Outlook Zero Day (CVE-2023-23397) issue is an interesting one on a number of fronts.

One, it is a worst case scenario zero day that can run an exploit on a person's machine to potentially gain admin credentials without any user interaction! This is the kind of vulnerability that keeps CIOs and CTOs awake at night.

Secondly, although Microsoft patched this vulnerability very quickly to stop it being exploited remotely, it is still exploitable if a malicious operator is already on your network. So as it is not completely remediated by patching alone, it requires further mitigating actions and potentially some extensive forensic follow up to determine if employees have had their accounts breached. The potential work involved could seem overwhelming.

And finally, at a high level, it is the type of issue that could force you and your company to reassess how you can better manage your security going forward.

If you think your company could do with help in how to manage something like this, then VISO are here to help.

With a quick review from a cyber expert you can understand where your risk lies and have a detailed plan of action to plug short and medium term gaps, while understanding what you may need to do in the longer term to react to the constantly changing threats.

Our assessment includes:

  • Gap Analysis vs Best Practice - achieved through 3 x meetings/interviews of an hour long

  • Internal Vulnerability Scan - a host based scan of your network to understand the current vulnerabilities of your IT estate

  • External Threat Intelligence - a review of your internet facing IT estate including your email security, web security and also a deeper dive into the dark web to identify any organisational information (such as shared credentials or mentioned on dark web forums - the indicators of an imminent attack).

Timeframe: 2 Weeks to a month depending on your availability.

Contact VISO today to hear more about our Cyber Assessment Service and gain peace of mind.







23 views0 comments

Recent Posts

See All

Comments


Testimonials

Ibec - For Irish Business

"Ibec engaged with VISO two years ago.  While our primary objective was to improve our information security posture, we were also looking for a long-term partner with expertise and knowledge of the continually evolving cyber landscape. The professionals at VISO are a pleasure to work with and their team is always on hand when we need them."

2-3 Prospect Road, Glasnevin, Dublin 9, D09 K5V2

​

​

Telephone: Ireland +353 1 9121331  U.K.  +44 20 30260575

 

We simplify Cyber Security 

​

Privacy Policy

  • Twitter
  • Facebook
  • LinkedIn

© 2022 proudly created by The Rainbow Vault

ISO 27001 Cyber Security standard_Awarded to VISO Cyber Security
cyberessentials_certification- awarded to VISO Cyber Security
bottom of page