![]() ![]() Of the remaining flaws, all but 10 were deemed "important" security risks, the designation Microsoft normally reserves for bugs that require users to open files for an exploit to occur. The Stackasked Microsoft for clarification on the bug in question but had not heard back from the company at the time of publication. There’s clearly something that makes this bug stand out, but Microsoft offers no clues as to what that may be." "The exception is when the Preview Pane is an attack vector, but that’s not documented here. "This is a bit odd since these types of open-and-own bugs are typically rated Important due to the needed user interaction," Childs writes. Of the six bugs rated as "critical" three were found to be in the Windows Message service ( CVE-2023-35385, CVE-2023-36910, CVE-2023-36911) while the remaining three were split between a pair of teams flaws ( CVE-2023-29328, CVE-2023-29330) and one flaw in Outlook ( CVE-2023-36895) that caught the eye of researchers.Ĭhilds noted that the Outlook flaw stuck out in particular because it is rare for a file-based vulnerability (which requires user interaction) does not normally fit Microsoft's definition of a "critical" vulnerability. "This volume of fixes is the highest we’ve seen in the last few years, although it’s not unusual to see Microsoft ship a large number of patches right before the Black Hat USA conference," noted Dustin Childs of the Trend Micro Zero Day Initiative. The software giant said that of the 86 CVE-listed vulnerabilities it was addressing in its various products an services, six should be considered 'critical' vulnerabilities though none are listed as being exploited in the wild. ![]() ![]() Microsoft has shipped fixes for 86 security vulnerabilities in its August 2023 Patch Tuesday release. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |