Mozilla has commissioned a report highlighting Microsoft's alleged use of harmful design practices to influence Windows users into using its Edge browser over Google Chrome. The report claims that Microsoft employs tactics such as interruptions during Chrome installation, promoting Edge's benefits, and injecting ads into the search and install process. Mozilla argues that these practices inhibit user choice and competition, calling for regulatory action to restore browser choice and competition across major platforms.
Security researchers have revealed technical details about two now-patched security flaws in Microsoft Windows that could be exploited by threat actors to achieve remote code execution on the Outlook email service without any user interaction. The vulnerabilities, CVE-2023-35384 and CVE-2023-36710, were addressed by Microsoft in August and October 2023, respectively. CVE-2023-35384 is a bypass for a critical security flaw that Microsoft patched in March 2023, and it can be used to steal NTLM credentials and conduct a relay attack. The vulnerabilities can be chained together to create a full zero-click remote code execution exploit against Outlook clients. Organizations are advised to use microsegmentation to block outgoing SMB connections to remote public IP addresses and to disable NTLM or add users to the Protected Users security group to mitigate the risks.
