Dive into the depths of recent revelations surrounding two now-patched security vulnerabilities in Microsoft Windows that cast a shadow over the Outlook email service. Discovered by Akamai security researcher Ben Barnea, these flaws, CVE-2023-35384 and CVE-2023-36710, offer a gateway for threat actors to achieve remote code execution on Outlook without any user interaction. The first vulnerability, a clever bypass of a previously patched flaw, raises concerns of privilege escalation and NTLM credential theft. The second flaw, targeting the Windows Media Foundation Core, exploits an integer overflow vulnerability through crafted WAV files, leading to a potential zero-click code execution. Read the article below as it unravel’s the intricacies of these vulnerabilities, their real-world implications highlighted by APT29’s active exploitation, and recommended mitigation strategies to fortify your defenses.
https://thehackernews.com/2023/12/beware-experts-reveal-new-details-on.html