Looks like Microsoft has released patches against CVE-2023-4863 and CVE-2023-5217 vulnerabilities for Microsoft Edge, Teams and Skype. The patches revolve around the vulnerable the libvpx & libwebp open source libraries used by these products. Update now!

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-teams-get-fixes-for-zero-days-in-open-source-libraries/

#infosec #cybersecurity #Microsoft #Edge #Skype #MSTeams #patchnow #CVE_2023_4863 #CVE_2023_5217 

 @481e848e What is not clear is why Teams was not patched for 5217. This is a weirder vuln, regarding vp8 encoding, not decoding. Even so, I'd like an explanation as to why Teams is not vulnerable.