The recent Microsoft Outlook Zero Day (CVE-2023-23397) issue is an interesting one on a number of fronts.
One, it is a worst case scenario zero day that can run an exploit on a person's machine to potentially gain admin credentials without any user interaction! This is the kind of vulnerability that keeps CIOs and CTOs awake at night.
Secondly, although Microsoft patched this vulnerability very quickly to stop it being exploited remotely, it is still exploitable if a malicious operator is already on your network. So as it is not completely remediated by patching alone, it requires further mitigating actions and potentially some extensive forensic follow up to determine if employees have had their accounts breached. The potential work involved could seem overwhelming.
And finally, at a high level, it is the type of issue that could force you and your company to reassess how you can better manage your security going forward.
If you think your company could do with help in how to manage something like this, then VISO are here to help.
With a quick review from a cyber expert you can understand where your risk lies and have a detailed plan of action to plug short and medium term gaps, while understanding what you may need to do in the longer term to react to the constantly changing threats.
Our assessment includes:
Gap Analysis vs Best Practice - achieved through 3 x meetings/interviews of an hour long
Internal Vulnerability Scan - a host based scan of your network to understand the current vulnerabilities of your IT estate
External Threat Intelligence - a review of your internet facing IT estate including your email security, web security and also a deeper dive into the dark web to identify any organisational information (such as shared credentials or mentioned on dark web forums - the indicators of an imminent attack).
Timeframe: 2 Weeks to a month depending on your availability.
Contact VISO today to hear more about our Cyber Assessment Service and gain peace of mind.
