all InfoSec news
Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324)
Help Net Security www.helpnetsecurity.com
Among the vulnerabilities fixed by Microsoft on May 2023 Patch Tuesday is CVE-2023-29324, a bug in the Windows MSHTML platform that Microsoft rates as “important.” Akamai’s research team and Ben Barnea, the researcher who’s credited with finding the flaw, disagree with that assessment, because “the new vulnerability [CVE-2023-29324] re-enables the exploitation of a critical vulnerability [CVE-2023-23397] that was seen in the wild and used by APT operators.” About CVE-2023-23397 CVE-2023-23397 is an EoP bug in … More
The post …
akamai assessment ben bug click cve don't miss flaw important may may 2023 patch tuesday microsoft mshtml outlook patch patch tuesday platform research researcher team tuesday vulnerabilities vulnerability windows zero-click