A major Microsoft Outlook for Windows vulnerability (CVE-2023-23397) that enables remote password hash theft by just receiving an email has been disclosed by security experts.