Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324)

Among the vulnerabilities fixed by Microsoft on May 2023 Patch Tuesday is CVE-2023-29324, a bug in the Windows MSHTML platform that Microsoft rates as “important.” Akamai’s research team and Ben Barnea, the researcher who’s credited with finding the flaw, disagree with that assessment, because “the new vulnerability [CVE-2023-29324] re-enables the exploitation of a critical vulnerability [CVE-2023-23397] that was seen in the wild and used by APT operators.” About CVE-2023-23397 CVE-2023-23397 is an EoP bug in … More →

The post …

akamai assessment ben bug click cve don't miss flaw important may may 2023 patch tuesday microsoft mshtml outlook patch patch tuesday platform research researcher team tuesday vulnerabilities vulnerability windows zero-click