Why Microsoft just patched a patch that squashed an under-attack Outlook bug

Microsoft in March fixed an interesting security hole in Outlook that was exploited by miscreants to leak victims’ Windows credentials. This week the IT giant fixed that fix as part of its monthly Patch Tuesday update.

To remind you of the original bug, tracked as CVE-2023-23397: it was possible to send someone an email that included a reminder with a custom notification sound. That custom sound could be specified as a URL path within the email.

Read more…
Source: The Register