Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-29324: Windows MSHTML Platform Security Feature Bypass Vulnerability

According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?

An attacker can craft a malicious URL that would evade zone checks, resulting in a limited loss of integrity and availability of the victim machine.

Microsoft Security Response Center
#vulnerability#web#mac#windows#microsoft#Windows MSHTML Platform#Security Vulnerability

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

Windows MSHTML Platform Security Feature Bypass Vulnerability

References

Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

  • MISC:Windows MSHTML Platform Security Feature Bypass Vulnerability
  • URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324

Assigning CNA

Microsoft Corporation

Date Record Created

20230404

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20230404)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:

You can also search by reference using the CVE Reference Maps.

For More Information: CVE Request Web Form (select “Other” from dropdown)

Related news

Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits

Technical details have emerged about two now-patched security flaws in Microsoft Windows that could be chained by threat actors to achieve remote code execution on the Outlook email service sans any user interaction. "An attacker on the internet can chain the vulnerabilities together to create a full, zero-click remote code execution (RCE) exploit against Outlook clients," Akamai security

Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft

Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines. The vulnerability, tracked as CVE-2023-29324 (CVSS score: 6.5), has been described as a security feature bypass. It was addressed by Microsoft as part of its Patch Tuesday updates for May 2023. Akamai security

CVE-2023-29324

Windows MSHTML Platform Security Feature Bypass Vulnerability

Microsoft Patch Tuesday for May 2023 — Fewest vulnerabilities disclosed in a month in three-plus years

One of the vulnerabilities is being actively exploited in the wild, according to Microsoft, the fourth month in a row in which this is the case.

Microsoft Mitigates Outlook Elevation of Privilege Vulnerability

May 9, 2023 update: Releases for Microsoft Products has been updated with the release of CVE-2023-29324 - Security Update Guide - Microsoft - Windows MSHTML Platform Security Feature Bypass Vulnerability March 24, 2023 update: Impact Assessment has been updated to a link to Guidance for investigating attacks using CVE-2023-23397 - Microsoft Security Blog.