Headline
CVE-2023-35336: Windows MSHTML Platform Security Feature Bypass Vulnerability
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
A security feature bypass vulnerability exists when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended.
To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted URL to a victim and convince them to click on it.
The security update addresses the vulnerability by correcting security feature behavior to properly map affected URLs to the correct Security Zone.