all InfoSec news
How Outlook notification sounds can lead to zero-click exploits
Malware Analysis, News and Indicators - Latest topics malware.news
An Akamai researcher has found two vulnerabilities in Windows that can be combined to achieve a full, zero-click remote code execution (RCE) in Outlook.
Both vulnerabilities were responsibly disclosed to Microsoft and addressed in the August 2023 and October 2023 patch Tuesdays, so the researcher felt it was no problem to disclose their findings.
The first vulnerability, listed as CVE-2023-35384, is a Windows HTML platforms security feature bypass vulnerability. It allows an attacker to craft a malicious file or …
akamai august click code code execution exploits found microsoft notification october outlook patch problem rce remote code remote code execution researcher vulnerabilities windows zero-click