Ben Lichtman

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified) Description: A security-feature bypass exists in Windows due to a protection mechanism failure in the `MapUrlToZone` function. This allows an unauthorized attacker to bypass a security feature over a network. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office versions prior to the fixed version **Description** The issue is related to errors in security settings, allowing a remote attacker to bypass existing security restrictions. The vulnerability can be exploited if a filename ends in Extended ASCII 255 (NBSP), which can be written and read by Office, although it does not perform any actions with it. There have been reports of this issue being exploited in the wild, with some organizations still being vulnerable despite having August 2023 updates. **Recommendations** For Microsoft Office versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting the use of filenames that end in Extended ASCII 255 (NBSP) to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Windows HTML Platforms (affected versions not specified) **Description** The issue is related to errors in security settings, allowing a remote attacker to disclose protected information. It is a security-feature bypass vulnerability that affects the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.