image credit: Unsplash

Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft

May 10, 2023

Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines.

The vulnerability, tracked as CVE-2023-29324 (CVSS score: 6.5), has been described as a security feature bypass. It was addressed by Microsoft as part of its Patch Tuesday updates for May 2023.

Akamai security researcher Ben Barnea, who discovered and reported the bug, noted that all Windows versions are affected, but pointed out Microsoft, Exchange servers with the March update omit the vulnerable feature.

Read More on The Hacker News