Microsoft Addresses Multiple Zero-Day Vulnerabilities in May 2023 Patch Tuesday

May 10, 2023 at 02:23 PM

•

1 min read

Microsoft Addresses Multiple Zero-Day Vulnerabilities in May 2023 Patch Tuesday — Photo: The Hacker News

TL;DR Summary

Cybersecurity researchers have disclosed a zero-click vulnerability in Windows MSHTML platform that could be exploited to bypass integrity protections on targeted machines and steal NTLM credentials. The vulnerability, tracked as CVE-2023-29324, affects all Windows versions and is a bypass for a fix Microsoft put in place in March 2023 to resolve CVE-2023-23397. Microsoft has addressed the vulnerability as part of its Patch Tuesday updates for May 2023 and is recommending users to install Internet Explorer Cumulative updates to address vulnerabilities in the MSHTML platform and scripting engine.

Topics:technology #cybersecurity #ntlm #patch #vulnerability #windows #zero-click

Share this article

Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft The Hacker News
Microsoft May 2023 Patch Tuesday fixes 3 zero-days, 38 flaws BleepingComputer
Microsoft Patch Tuesday, May 2023 Edition – Krebs on Security Krebs on Security
Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324) Help Net Security
Microsoft issues optional fix for Secure Boot zero-day used by malware BleepingComputer

Reading Insights

Total Reads

Unique Readers

Time Saved

1 min

vs 2 min read

Condensed

73%

324 → 87 words

Want the full story? Read the original article

Read on The Hacker News

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights