all InfoSec news
Micropatches Released For Microsoft WordPad Information Disclosure (CVE-2023-36563)
Malware Analysis, News and Indicators - Latest topics malware.news
October 2023 Windows Updates brought a patch for CVE-2023-36563, an "Information Disclosure" vulnerability in WordPad that was found by Microsoft Threat Intelligence as being exploited in the wild. A better name for this vulnerability would be "Coerced authentication" or "Forced authentication", as it falls in the same class of vulnerabilities as various similar issues that we've patched before.
In any case, the vulnerability allows an attacker to create a Rich Text Format (RTF) document which, when opened by the …
authentication class cve cve-2023-36563 disclosure exploited found information information disclosure intelligence microsoft name october patch threat threat intelligence updates vulnerabilities vulnerability windows windows updates wordpad