Two Zero Click Windows Exploits Pose Continued Risk

Ben Barnea of Akamai has published technical details about two patched vulnerabilities in Windows. The vulnerabilities can be exploited to achieve remote code execution (RCE) in the Outlook mail client without any interaction from the user. The Akamai report on these vulnerabilities was compiled in two parts [1]. The vulnerabilities are CVE-2023-35384, which was detected in August, and CVE-2023-36710, which has an estimated CVSS score of 7.8 and was detected in October.

The CVE-2023-35384 vulnerability is associated with the MapUrlToZone function and can be exploited by sending the Outlook client an email containing a malicious file or URL.

CVE-2023-35384 was described as a bypass for a critical privilege elevation vulnerability that Microsoft had previously patched in March 2023 (CVE-2023-23397), which has a CVSS rating of 9.8. This vulnerability allows attackers to steal the Net-NTLMv2 hash and gain access to user accounts. Moreover, the APT28 group used CVE-2023-23397 for unauthorized account access on Exchange servers.

The CVE-2023-36710 vulnerability affects the Audio Compression Manager (ACM) component, an outdated Windows multimedia system. It is caused by an integer overflow.

This vulnerability can lead to unpredictable behavior or serious security issues. For instance, when the integer overflows, the variable’s value can be changed, and this can result in the execution of incorrect operations, access to incorrect data, or denial of service.
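The following C sketch is an added example, not code from the ACM component or from the Akamai report. It shows how a 32-bit size computation wraps and how a bounds check rejects the input instead. The `chunk_hdr` structure, its fields and the function names are hypothetical, and the values in `main` are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical audio chunk header (constructed for this example;
   not the layout used by the Windows ACM code). */
struct chunk_hdr {
    uint32_t frames;      /* number of frames claimed by the file */
    uint32_t frame_bytes; /* bytes per decoded frame */
};

/* Unchecked: the 32-bit product wraps modulo 2^32, so a huge claimed
   frame count can produce a very small buffer size. */
uint32_t size_unchecked(const struct chunk_hdr *h)
{
    return h->frames * h->frame_bytes;
}

/* Checked: refuse the input when the product would exceed 'limit'.
   Dividing first means the multiplication below can never wrap. */
bool size_checked(const struct chunk_hdr *h, uint32_t limit, uint32_t *out)
{
    if (h->frames == 0 || h->frame_bytes == 0)
        return false;
    if (h->frames > limit / h->frame_bytes)
        return false;
    *out = h->frames * h->frame_bytes;
    return true;
}

int main(void)
{
    /* Constructed input: 0x10000001 * 16 = 0x100000010, which wraps to 16. */
    struct chunk_hdr bad = { 0x10000001u, 16u };
    struct chunk_hdr ok  = { 1024u, 4u };
    uint32_t n = 0;

    printf("unchecked size for bad header: %u\n", (unsigned)size_unchecked(&bad));
    printf("checked accepts bad header:    %d\n", size_checked(&bad, 1u << 24, &n));
    printf("checked accepts ok header:     %d (size %u)\n",
           size_checked(&ok, 1u << 24, &n), (unsigned)n);
    return 0;
}
```

A buffer sized with the wrapped value would be far smaller than the data the header claims, which is how an overflow in arithmetic turns into access to incorrect data or a crash.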
