Among the latest set of patches released by Microsoft, a fix for CVE-2023-23397 is available to fix an NTLM vulnerability in Outlook for Windows clients. The update closes a hole where attackers can use specially formatted messages to force NTLM credentials to be sent outside the organization.
https://practical365.com/cve-2023-23397-ntlm-vulnerability/
