1
[News] ThemeBleed exploit is another reason to patch Windows quickly (www.malwarebytes.com)
submitted 1 year ago by Raisin8659 to c/windows11@lemmy.world
2 comments fedilink hide all child comments

Summary

  • ThemeBleed exploit is a new vulnerability in Windows Themes that allows remote code execution (RCE).

  • The vulnerability was discovered by Gabe Kirkpatrick and assigned the CVE identifier CVE-2023-38146.

  • It is a race condition vulnerability that can be triggered by opening a specially crafted .theme file.

  • Microsoft has released a patch for the vulnerability in the September 2023 Patch Tuesday updates.

  • However, the patch does not fix the more fundamental problem in the verification procedure of .msstyles files, nor does it add MOTW warnings to .themepack files.

  • The researcher notes that the vulnerability appears to be only present in Windows 11.

top 2 comments
sorted by: hot top controversial new old
[-] Bimbus@lemmy.world 2 points 1 year ago

Wish I could update windows but my last fresh install went horribly.

So many issues ive never run into before all at once.

[-] Raisin8659 1 points 1 year ago

I have seen people on bleeping computer (https://www.bleepingcomputer.com/) and Eleven Forum (https://www.elevenforum.com/) give useful helps, if you are not totally happy with searching for answers on your own.

this post was submitted on 19 Sep 2023
1 points (100.0% liked)

Windows 11

626 readers
16 users here now

Welcome to the community for Windows 11, Microsoft's latest computer operating system.

Rules:

Related Communities:

founded 1 year ago
MODERATORS
uidev@lemmy.world