this post was submitted on 19 Sep 2023
17 points (94.7% liked)

Windows 11

843 readers
1 users here now

Welcome to the community for Windows 11, Microsoft's latest computer operating system.

Rules:

founded 1 year ago
MODERATORS
 

Summary

  • ThemeBleed exploit is a new vulnerability in Windows Themes that allows remote code execution (RCE).

  • The vulnerability was discovered by Gabe Kirkpatrick and assigned the CVE identifier CVE-2023-38146.

  • It is a race condition vulnerability that can be triggered by opening a specially crafted .theme file.

  • Microsoft has released a patch for the vulnerability in the September 2023 Patch Tuesday updates.

  • However, the patch does not fix the more fundamental problem in the verification procedure of .msstyles files, nor does it add MOTW warnings to .themepack files.

  • The researcher notes that the vulnerability appears to be only present in Windows 11.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Bimbus 2 points 1 year ago (1 children)

Wish I could update windows but my last fresh install went horribly.

So many issues ive never run into before all at once.

[โ€“] [email protected] 1 points 1 year ago

I have seen people on bleeping computer (https://www.bleepingcomputer.com/) and Eleven Forum (https://www.elevenforum.com/) give useful helps, if you are not totally happy with searching for answers on your own.