Microsoft has issued guidance to help customers identify indicators of compromise related to a recently patched Outlook vulnerability, CVE-2023-23397. This critical flaw relates to a case of privilege escalation that can be exploited to steal NT Lan Manager (NTLM) hashes and stage a relay attack without any user interaction. The vulnerability was resolved as part of Microsoft's Patch Tuesday updates for March 2023, but it was weaponized by Russian threat actors in attacks targeting the government, transportation, energy, and military sectors in Europe. Microsoft recommends that organizations review SMBClient event logging, process creation events, and other available network telemetry to identify potential exploitation via CVE-2023-23397.