Avast researchers discovered a dangerous vulnerability in Microsoft software, then worked with Microsoft to rapidly patch it.
At Avast, our mission has always been to make the digital world a safer place for everyone. We are dedicated to discovering vulnerabilities, following responsible disclosure protocols, and collaborating with companies like Microsoft to ensure that these vulnerabilities are addressed swiftly and effectively. Today, we are pleased to share news of a recent high-value discovery that demonstrates the power of responsible disclosure in action.
Our team of researchers recently discovered a critical vulnerability (CVE-2023-29336) being actively exploited in the wild. This vulnerability allows for Local Privilege Escalation (LPE), which could potentially grant an attacker elevated permissions on a compromised system. We acted immediately, following the responsible disclosure guidelines, and reached out to Microsoft with our findings.
Responsible disclosure is a crucial aspect of cybersecurity. By notifying affected parties of vulnerabilities and giving them the opportunity to patch the issue before making the details public, we can help prevent widespread exploitation by malicious actors. Avast’s commitment to this practice helps protect not only our customers, but the entire digital ecosystem, from harm.
Working closely with Microsoft, our collaboration has led to a prompt and effective resolution of the issue. Today, we are happy to announce that a patch for this vulnerability is now available. Users are encouraged to update their systems as soon as possible to benefit from this security enhancement.
This discovery serves as a testament to the dedication and expertise of Avast’s security research team. Through our vigilant monitoring and analysis of security and threat trends, we aim to continually safeguard our customers and the broader online community.
At Avast, we will continue our mission to make the internet a safer place for everyone. We are proud of the role we play in protecting the digital ecosystem, and we remain committed to the principles of responsible disclosure and collaboration to address future vulnerabilities.