Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324)

Among the vulnerabilities fixed by Microsoft on May 2023 Patch Tuesday is CVE-2023-29324, a bug in the Windows MSHTML platform that Microsoft rates as “important.” Akamai’s research team and Ben Barnea, the researcher who’s credited with finding the flaw, disagree with that assessment, because “the new vulnerability [CVE-2023-29324] re-enables the exploitation of a critical vulnerability [CVE-2023-23397] that was seen in the wild and used by APT operators.”

About CVE-2023-23397

CVE-2023-23397 is an EoP bug in Microsoft Outlook that can be triggered without user interaction (aka “zero-click”). “External attackers could send specially crafted emails that will cause a connection from the victim to an untrusted location of attackers’ control.

Read full article on Help Net Security

 

