Microsoft has patched a flaw in its Outlook email service that allowed threat actors to bypass a previously issued patch for a privilege escalation flaw. A patch for a patch, so to speak.
Cybersecurity researcher Ben Barnea from Akamai recently discovered the zero-click bypass, which is now tracked as CVE-2023-29324. The flaw is present in all versions of Outlook, so everyone is vulnerable, he concluded.
“All Windows versions are affected by the vulnerability. As a result, all Outlook client versions on Windows are exploitable,” Barnea said.