Researchers have disclosed a security flaw in Microsoft’s MSHTML platform that could allow attackers to circumvent integrity protections on targeted machines. The vulnerability, tracked as CVE-2023-29324, is categorized as a security feature bypass and impacts all versions of Windows. It was discovered by Akamai security researcher Ben Barnea, who cautioned that an unauthenticated attacker could exploit it to manipulate an Outlook client into connecting to an attacker-controlled server, leading to the theft of NTLM credentials. Microsoft addressed the flaw in its Patch Tuesday updates for May 2023; however, the company advises users to install the Internet Explorer Cumulative updates for complete protection against this vulnerability.

Relevant URL: https://thehackernews.com/2023/05/experts-detail-new-zero-click-windows.html