Researchers have disclosed new details about vulnerabilities in Microsoft Outlook that could enable remote code execution (RCE) without user interaction. The vulnerabilities were discovered by Akamai researchers and involve leveraging sound file attachments to achieve 0-click RCE against Outlook. The exploits bypass previous Microsoft fixes and can be used to trigger security flaws in Outlook. The discovery includes a novel technique that bypasses DMARC and email protections. Additionally, a separate report details a man-in-the-middle (MITM) attack on SSH, which can compromise the protocol's integrity.
Hackers can break SSH channel integrity using novel data-corruption attack https://t.co/VsC8jOGPxE
This is a nicely detailed 2-part writeup about two vulnerabilities that can affect Outlook: CVE-2023-35384 and CVE-2023-36710. But it's a good example of what I picture to be a problem in our field How does one distinguish between a vulnerability that might be exploitable vs. IS? https://t.co/CZbOwGLxOD
Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File: https://t.co/VSoyyqSWTk by darkreading #infosec #cybersecurity #technology #news
Researchers detail a MITM attack on SSH that can break the integrity of the protocol, the first "practical attack of its kind"; fixes face compatibility issues (@dangoodin001 / Ars Technica) https://t.co/rgTTy7FlOr 📫 Subscribe: https://t.co/OyWeKSRpIM https://t.co/PKEmmIEh2X
Hackers can break SSH channel integrity using novel data-corruption attack https://t.co/LcFWQNcddh
.@Akamai researchers continue to find #vulnerability mitigation bypasses for previous #Microsoft fixes. https://t.co/vq26kyW5GV
Novel SMTP Smuggling Technique Slips Past DMARC, Email Protections: https://t.co/ms4YdzopYi by darkreading #infosec #cybersecurity #technology #news
Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits: https://t.co/IIwaPrutiX by The Hacker News #infosec #cybersecurity #technology #news
Happy to finally publish my research of finding a 0-click RCE vulnerability chain against Outlook client. First blogpost goes into details of bypassing Outlook's CVE-2023-23397 mitigation using Windows paths tricks. The second one goes into audio codec decoding. https://t.co/dasAhrMdSc
Akamai finds new Outlook exploits that leverage sound file attachments https://t.co/ZvqIlop3DR
⚡ Researchers reveal new details about #Microsoft 📧Outlook vulnerabilities that could allow attackers to achieve RCE on Outlook without any user interaction. Learn how these zero-click exploits were discovered: https://t.co/2n0EuIxkcp #cybersecurity #infosec
Did you hear that? Akamai researcher @nachoskrnl has discovered two vulnerabilities within Windows. Leveraging the infamous custom reminder sound feature, these can be chained together to achieve full 0-click RCE against Outlook. Full write-up: https://t.co/W2bXFwTxJK https://t.co/uUj88b4hS1