How Outlook notification sounds can lead to zero-click exploits


An Akamai researcher has found two vulnerabilities in Windows that can be combined to achieve full, zero-click remote code execution (RCE) in Outlook.

Both vulnerabilities were responsibly disclosed to Microsoft and addressed in the August 2023 and October 2023 Patch Tuesday updates, so the researcher considered it safe to disclose the findings. The first vulnerability, listed as CVE-2023-35384, is a Windows HTML Platforms security feature bypass vulnerability.

Source: Malwarebytes Labs