Keeping Knowledge Free for Over a Decade

Microsoft patches zero-day flaws in Teams, Edge and Skype

posted onOctober 4, 2023

by l33tdawg

Wikipedia

Credit: Wikipedia

Two zero-day flaws in popular Microsoft products including Edge, Teams, and Skype have been discovered and patched, the company has confirmed.

Microsoft addressed CVE-2023-4863, and CVE-2023-5217, which affect the programs’ code libraries used to encode and decode images in the WebP format, and videos with VP8 encoding. The two libraries in question are used, the publication further adds, by a large number of popular software and services, including Safari, Firefox, Opera, various Android web browsers, 1Password, and Signal, but also Netflix, YouTube, and Amazon Prime Video.

Should a threat actor abuse these flaws, they’d be able to run arbitrary code execution on vulnerable endpoints. "Microsoft is aware and has released patches associated with the two Open-Source Software security vulnerabilities, CVE-2023-4863 and CVE-2023-5217," a company advisory stated.

Source

Tags

Microsoft Security

previous article

You May Also Like

Recent News

Monday, May 20th

WikiLeaks' Julian Assange Can Appeal His Extradition to the US, British Court Says

Craig Wright Lied About Creating Bitcoin And Faked Evidence, Judge Rules

Two students find security bug that could let millions do laundry for free

Lazarus Group Moves $147.5M in Stolen Crypto (BTC, ETH) to North Korea, UN Report Reveals

Time Is Running Out in the Hunt for Rare Bitcoin

“Unprecedented” Google Cloud event wipes out customer account and its backups

What happened to OpenAI’s long-term AI risk team?

Thursday, May 16th

Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks

Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach

MIT students stole $25M in seconds by exploiting ETH blockchain bug

BreachForums, an online bazaar for stolen data, seized by FBI

Wednesday, May 15th

It’s the End of Google Search As We Know It

Google strikes back at OpenAI with “Project Astra” AI agent prototype

Tuesday, May 14th

Security researcher says PoC for kernel vulnerability targeting iOS 17.4.1 and older coming soon

Apple releases iOS 17.5, macOS 14.5, and other updates as new iPads launch

Disarmingly lifelike: ChatGPT-4o

Monday, May 13th

FBI To Charge Teenager Hackers From Scattered Spider Who Hacked Hundreds Of Organizations

JTAG Hacking An SSD With A Pi: A Primer

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

North Korean hackers deploy ‘Durian’ malware, targeting crypto firms

Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities

Google patches its fifth zero-day vulnerability of the year in Chrome

OpenAI revs up plans for web search, but denies report of an imminent launch

Friday, May 10th

Boeing Confirms Lockbit Hackers Wanted $200 Million Ransom After 2023 Hack

Dell discloses data breach of customers’ physical addresses

Poland says it was targeted by Russian military intelligence hackers

Leaked FBI email stresses need for warrantless surveillance of Americans

Stack Overflow users sabotage their posts after OpenAI deal

Fedora Asahi Remix 40 is another big step forward for Linux on Apple Silicon Macs

6 Practical Tips for Using Anthropic's Claude Chatbot

Thursday, May 9th

OpenAI Is ‘Exploring’ How to Responsibly Generate AI Porn

Dell responds to return-to-office resistance with VPN, badge tracking

Hands-on with the new iPad Pros and Airs: A surprisingly refreshing refresh

Wednesday, May 8th

Chinese Hackers Deployed Backdoor Quintet to Down MITRE

Apple announces M4 with more CPU cores and AI focus