CVE-2023-24880

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources The outlook is grim for Outlook - and SAP, Adobe. Android, and Chrome - so get ready for a long update party

Patch Tuesday Microsoft's March Patch Tuesday includes new fixes for 74 bugs, two of which are already being actively exploited, and nine that are rated critical. Let's start with the two that miscreants found before Redmond issued a fix. First up: prioritize patching CVE-2023-23397, a privilege elevation bug in Microsoft Outlook that received a 9.8 out of 10 CVSS rating. While details of the hole haven't been publicly disclosed, it has already been exploited in the wild, and Microsoft lists its...

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Not-so-smart SmartScreen flagged up by Googlers

Criminals are exploiting a Microsoft SmartScreen bug to deliver Magniber ransomware, potentially infecting hundreds of thousands of devices, without raising any security red flags, according to Google's Threat Analysis Group (TAG). TAG discovered the in-the-wild exploit, and reported it to Microsoft last month. Redmond has patched the Windows-Office vulnerability, tracked as CVE-2023-24880, today in its monthly Patch Tuesday event.   It's related to a similar Windows SmartScreen securi...