
A vulnerability has been discovered in Microsoft Outlook, Word and Excel that allows a hash of your password to be intercepted without much complexity.
Microsoft has confirmed that a severe vulnerability, CVE-2023-23397, has been found in Microsoft Office (Outlook, Excel, Word) that could allow password hashes to be stolen without user interaction, making unauthorized access to this user's infrastructure possible. A hashed password is an encrypted version of your password.
What can be intercepted is the so-called Net-NTLMv2 hash: a hacker sends a specially crafted email that initiates the process even before the message is opened or previewed. That email can establish a connection to an external environment, to which the hashed password is forwarded and where the attacker can collect it.
The issue is present in all Microsoft Office for Windows versions supported by Microsoft. Other versions, such as Office via the web, are not vulnerable. Microsoft has now released a security update for this.