Microsoft has patched an Outlook zero-day vulnerability (CVE-2023-23397) exploited by a hacking group linked to Russia’s military intelligence service GRU to target European organizations. The security vulnerability was exploited in attacks to target and breach the networks of fewer than 15 government, military, energy, and transportation organizations between mid-April and December 2022.