PatchSiren cyber security CVE debrief
CVE-2023-35311 Microsoft CVE debrief
CVE-2023-35311 is a Microsoft Outlook security feature bypass vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. The supplied sources confirm known exploitation and direct defenders to apply Microsoft updates as soon as possible, or discontinue use of the product if updates are unavailable. Because the source corpus does not include affected versions or exploit mechanics, the main action is operational prioritization rather than deep technical validation.
- Vendor: Microsoft
- Product: Outlook
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2023-07-11
- Original CVE updated: 2023-07-11
- Advisory published: 2023-07-11
- Advisory updated: 2023-07-11
Who should care
Microsoft Outlook administrators, endpoint and email security teams, patch management owners, vulnerability management teams, and incident response staff responsible for internet-facing or widely deployed Windows productivity environments.
Technical summary
The supplied corpus identifies CVE-2023-35311 as a Microsoft Outlook security feature bypass vulnerability. CISA’s KEV entry confirms it as known exploited and includes Microsoft’s update-guide link in the notes, but the provided sources do not disclose affected versions, attack preconditions, or exploit steps. Treat the issue as a high-priority remediation item because it is in the KEV catalog, with a required action to apply vendor updates or discontinue use if updates are unavailable.
Defensive priority
High. The vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog and has a KEV due date of 2023-08-01 in the supplied timeline, so remediation should be expedited.
Recommended defensive actions
- Apply Microsoft’s recommended updates for CVE-2023-35311 using the vendor guidance referenced in the KEV notes.
- Confirm whether Microsoft Outlook is deployed in your environment and map the exposure of affected systems and users.
- Track remediation against the CISA KEV due date of 2023-08-01 and escalate any unpatched instances.
- If updates cannot be applied promptly, follow the KEV-required action and discontinue use of the product where feasible until remediation is complete.
- Validate patch status through centralized vulnerability and asset management rather than relying on manual reports alone.
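The tracking and escalation steps above can be expressed as a small triage routine. This is an added example, not code from CISA, Microsoft, or this debrief's source. The KEV field names and dates match the entry described on this page, while the inventory records, their field names, and the rule of escalating once the due date has passed are assumptions.

```python
from datetime import date

# KEV entry fields as described on this page.
KEV_ENTRY = {
    "cveID": "CVE-2023-35311",
    "vendorProject": "Microsoft",
    "product": "Outlook",
    "dateAdded": "2023-07-11",
    "dueDate": "2023-08-01",
    "knownRansomwareCampaignUse": "Unknown",
}

# Constructed asset-management export; hosts and field names are hypothetical.
# update_applied is None when no scanner evidence exists for the host.
INVENTORY = [
    {"host": "ws-001", "owner": "finance", "outlook_installed": True, "update_applied": True},
    {"host": "ws-002", "owner": "finance", "outlook_installed": True, "update_applied": False},
    {"host": "ws-003", "owner": "hr", "outlook_installed": True, "update_applied": None},
    {"host": "srv-010", "owner": "infra", "outlook_installed": False, "update_applied": None},
]

def triage(entry, inventory, today):
    """Classify every Outlook host and flag open items that are past the KEV due date."""
    days_left = (date.fromisoformat(entry["dueDate"]) - today).days
    rows = []
    for asset in inventory:
        if not asset["outlook_installed"]:
            continue  # product not deployed on this host, so out of scope
        if asset["update_applied"] is True:
            status = "remediated"
        elif asset["update_applied"] is None:
            status = "unverified"  # a manual report is not evidence; keep it open
        else:
            status = "unpatched"
        rows.append({"host": asset["host"], "owner": asset["owner"], "status": status,
                     "days_left": days_left,
                     "escalate": status != "remediated" and days_left < 0})
    return rows

def summary(rows):
    """Roll the per-host rows up into the numbers a remediation owner reports."""
    return {"in_scope": len(rows),
            "open": sum(1 for r in rows if r["status"] != "remediated"),
            "escalate": sorted(r["host"] for r in rows if r["escalate"])}

if __name__ == "__main__":
    for row in triage(KEV_ENTRY, INVENTORY, date.today()):
        print(row)
```

Hosts without scanner evidence are kept open rather than assumed patched, which is the point of validating through centralized tooling instead of manual reports.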
Evidence notes
The supplied corpus contains a CISA KEV entry dated 2023-07-11 naming this issue as a Microsoft Outlook Security Feature Bypass Vulnerability, with a required action to apply vendor updates or discontinue use if updates are unavailable. The KEV metadata marks knownRansomwareCampaignUse as Unknown. The notes cite Microsoft’s MSRC update guide and the NVD record, but the corpus itself does not provide CVSS, affected versions, or exploit mechanics.
Official resources
- CVE-2023-35311 CVE record (CVE.org)
- CVE-2023-35311 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA) - Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
- Source item URL (cisa_kev)
The supplied records are dated 2023-07-11 for both the CVE and the CISA KEV entry. In this debrief, that date is treated as the public reference date in the provided corpus, not as a claim about when the underlying flaw was originally found