Microsoft patches zero-day flaws in Teams, Edge and Skype
Two zero-day flaws in popular Microsoft products including Edge, Teams, and Skype have been discovered and patched, the company has confirmed.
Microsoft addressed CVE-2023-4863, and CVE-2023-5217, which affect the programs’ code libraries used to encode and decode images in the WebP format, and videos with VP8 encoding. The two libraries in question are used, the publication further adds, by a large number of popular software and services, including Safari, Firefox, Opera, various Android web browsers, 1Password, and Signal, but also Netflix, YouTube, and Amazon Prime Video.
Should a threat actor abuse these flaws, they’d be able to run arbitrary code execution on vulnerable endpoints. "Microsoft is aware and has released patches associated with the two Open-Source Software security vulnerabilities, CVE-2023-4863 and CVE-2023-5217," a company advisory stated.