  • Hackers are able to steal all your passwords through Outlook, even without installing additional software

    Ben Barnea of Akamai reveals the details of a new Zero-Click vulnerability for Windows.

    Cybersecurity researchers reported on a recently patched vulnerability in the MSHTML platform of the Windows operating system that could be used to bypass integrity protection mechanisms on target computers.

    The vulnerability has been identified as CVE-2023-29324, with a CVSS rating of 6.5, and has been described as a security bypass. Microsoft fixed it as part of the May 2023 monthly security updates.

    Ben Barnea of Akamai, who first discovered and reported the bug, noted that all versions of Windows are vulnerable, but Microsoft Exchange servers with the March update no longer contain the vulnerable component.

    “An unauthorized Internet attacker could use this vulnerability to force the Outlook client to connect to a server controlled by the same attacker. This led to the theft of NTLM credentials. It is important to note that this is a Zero-Click vulnerability, meaning it worked without any user interaction,” Barnea explained.

    It is also worth noting that CVE-2023-29324 is a bypass of the fix for another vulnerability, CVE-2023-23397, which was already patched in March and which, according to Akamai, was actively exploited last year by supposedly Russian hackers to escalate privileges in Outlook and steal data.

    Akamai said the issue is related to complex path handling in Windows, which allows an attacker to create a malicious URL that can bypass internet zone security checks.

    “This vulnerability is another example of how patch analysis leads to new vulnerabilities and workarounds,” said Barnea. “This is a zero-click attack on the media parsing surface that could potentially contain critical memory corruption vulnerabilities.”

    For complete protection, Microsoft recommends that users also install cumulative updates for Internet Explorer to fix vulnerabilities in the MSHTML framework and script engine.

    Author DeepWeb