[News] ThemeBleed exploit is another reason to patch Windows quickly

Summary

  • ThemeBleed exploit is a new vulnerability in Windows Themes that allows remote code execution (RCE).
  • The vulnerability was discovered by Gabe Kirkpatrick and assigned the CVE identifier CVE-2023-38146.
  • It is a race condition vulnerability that can be triggered by opening a specially crafted .theme file.
  • Microsoft has released a patch for the vulnerability in the September 2023 Patch Tuesday updates.
  • However, the patch does not fix the more fundamental problem in the verification procedure of .msstyles files, nor does it add MOTW warnings to .themepack files.
  • The researcher notes that the vulnerability appears to be only present in Windows 11.
Bimbus,

Wish I could update windows but my last fresh install went horribly.

So many issues ive never run into before all at once.

Raisin8659,
@Raisin8659@monyet.cc avatar

I have seen people on bleeping computer (www.bleepingcomputer.com) and Eleven Forum (www.elevenforum.com) give useful helps, if you are not totally happy with searching for answers on your own.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • windows11@lemmy.world
  • DreamBathrooms
  • mdbf
  • ethstaker
  • magazineikmin
  • GTA5RPClips
  • rosin
  • thenastyranch
  • Youngstown
  • osvaldo12
  • slotface
  • khanakhh
  • kavyap
  • InstantRegret
  • Durango
  • provamag3
  • everett
  • cisconetworking
  • Leos
  • normalnudes
  • cubers
  • modclub
  • ngwrru68w68
  • tacticalgear
  • megavids
  • anitta
  • tester
  • JUstTest
  • lostlight
  • All magazines
    •