Microsoft Addresses Multiple Zero-Day Vulnerabilities in May 2023 Patch Tuesday
Cybersecurity researchers have disclosed a zero-click vulnerability in Windows MSHTML platform that could be exploited to bypass integrity protections on targeted machines and steal NTLM credentials. The vulnerability, tracked as CVE-2023-29324, affects all Windows versions and is a bypass for a fix Microsoft put in place in March 2023 to resolve CVE-2023-23397. Microsoft has addressed the vulnerability as part of its Patch Tuesday updates for May 2023 and is recommending users to install Internet Explorer Cumulative updates to address vulnerabilities in the MSHTML platform and scripting engine.