Shulou(Shulou.com)11/24 Report--

CTOnews.com, May 12, Microsoft released a security patch for Outlook users this week, fixing a zero-day vulnerability in tracking number CVE-2023-29324.

This vulnerability was reported by Akamai security researcher Ben Barnea that all currently supported Windows versions are affected by the zero-day vulnerability, and there is evidence that hackers use this vulnerability to launch attacks.

Ben Barnea indicated that the vulnerability could be exploited by hackers to send UNC paths containing custom notification sounds and emails that extend MAPI attributes, resulting in Outlook clients connecting to the SMB shared network under their control.

Microsoft fixes this issue in the latest patch by adjusting the MapUrlToZone call to ensure that the UNC path does not link to the Internet URL and replaces the sound with the default reminder. CTOnews.com attached a patch link here, Microsoft warned: "customers must install updates to CVE-2023-23397 and CVE-2023-29324 to be fully protected."

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.