Akamai discloses zero-click exploit for Microsoft Outlook
18-Dec-23
While investigating a previous Microsoft Outlook privilege escalation vulnerability, Akamai found two more vulnerabilities that together may be used to create a zero-click RCE exploit. Akamai Technologies found two additional Windows vulnerabilities during the examination of an earlier bypass mitigation that would enable an attacker to develop a zero-click exploit against Microsoft Outlook clients. Ben Barnea, an Akamai researcher, described the finding of two new Windows vulnerabilities, identified as CVE-2023-35384 and CVE-2023-36710, that were reported to Microsoft and fixed in a two-part report released on Monday. He was able to create an Outlook remote code execution (RCE) attack that didn’t require user input by connecting the two vulnerabilities.
