Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324)

Among the vulnerabilities fixed by Microsoft on May 2023 Patch Tuesday is CVE-2023-29324, a bug in the Windows MSHTML platform that Microsoft rates as “important.” Akamai’s research team and Ben Barnea, the researcher who’s credited with finding the flaw, disagree with that assessment, because “the new vulnerability [CVE-2023-29324] re-enables the exploitation of a critical vulnerability [CVE-2023-23397] that was seen in the wild and used by APT operators.”

About CVE-2023-23397

CVE-2023-23397 is an EoP bug in …

The post Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324) appeared first on Help Net Security.