New Zero-Click Outlook RCE Exploits Revealed

Two newly discovered security flaws in Microsoft Windows could allow threat actors to achieve remote code execution on Outlook clients without any user interaction. The first vulnerability, CVE-2023-35384, is a bypass of a critical security flaw patched in March 2023, which could result in the theft of NTLM credentials and enable an attacker to conduct a relay attack. The second vulnerability, CVE-2023-36710, is an integer overflow vulnerability in the Audio Compression Manager (ACM) component, which could be exploited to download a custom sound file that, when autoplayed using Outlook's reminder sound feature, can lead to a zero-click code execution on the victim machine. To mitigate the risks, organizations are advised to use microsegmentation.

Related reads

Popular posts from this blog

Apple's Next Gen iPad Lineup: M3 MacBook Air and Refined iPad Pros on the Way?

Apple is planning to release new iPad Pro and iPad Air models in March 2024, featuring improved displays, processors, and designs. The iPad Pro will come in two sizes with an OLED display, while the iPad Air will have a new 10.9-inch and 12.9-inch option with an M2 chip. Apple is also expected to release a new Magic Keyboard specifically designed for the iPad Pro, and discontinue older models. Additionally, the company may update its MacBook Air lineup with new M3 chips and discontinue older models. Related reads 5 Apple products I'll definitely buy in 2024 The Apple iPad Air will get an M2 chip when it launches next year Apple could launch two new iPad Airs and two iPad Pros next year Apple may release M3 MacBook Air in March and refine its iPad lineup with new iPad Pro and iPad Air - Engadget
Read more

Intel Unveils Arrow Lake Gaming CPUs with AI Accelerators, Lunar Lake Brings Huge IPC Uplifts

Intel is releasing two new CPUs, Arrow Lake and Lunar Lake, in the second half of 2024. Arrow Lake is focused on gaming and includes an AI accelerator, while Lunar Lake offers significant IPC improvements and three times more AI performance on both the GPU and NPU than Meteor Lake. The Lunar Lake chip has one large die and two accompanying structures that appear to be on-package DRAM. Intel is already in the final stages of developing these processors and showed a brief glimpse of the Lunar Lake chip at CES 2024. Additionally, Intel introduced new desktop processors, including the Raptor Lake refresh for thin and light devices. Related reads CES 2024: Intel Briefly Shows Lunar Lake Chip; Next-Gen Mobile CPU Uses On-Package Memory - AnandTech Intel's Arrow Lake and Lunar Lake CPUs will arrive in 2024 - three times more AI performance for both GPU and NPU Intel Arrow Lake Gaming CPUs With AI Accelerators Coming This Fall, Next-Gen Lunar Lake Brings Significant IPC Over 3X NPU Uplif...
Read more

MediaTek Optimizes Chips for Next-Gen Gemini Nano Devices

MediaTek has partnered with Google to optimize its Dimensity 9300 and 8300 chipsets for Gemini Nano, a lightweight language model (LLM). This collaboration aims to make AI more accessible on more smartphones, starting with mid-range devices. The optimized Gemini Nano will enable on-device AI features, providing seamless performance, greater privacy, better security, lower latency, and lower operating costs. While flagship devices already benefit from Google's mobile-optimized LLM, this collaboration will make it easier for developers and OEMs to integrate Gemini Nano into their apps, making AI features more widespread. Related reads MediaTek announces Dimensity 9300 and 8300 chips are now optimized for Google Gemini Nano MediaTek optimizes Dimensity chips for Gemini Nano - Android Central Gemini Nano Is Helping With On-Device AI Features On Mid-Range Devices
Read more