Windows Spoofing Vulnerability Affects Outlook Users
CVE-2024-20670

8.1HIGH

Key Information:

Vendor: Microsoft
Status: Outlook For Windows
Vendor: CVE Published:; 9 April 2024

Badges

📰 News Worthy

What is CVE-2024-20670?

The Windows Spoofing Vulnerability, tagged as CVE-2024-20670, affects Outlook for Windows users. It is part of a record-breaking Patch Tuesday release from Microsoft, which includes fixes for 147 vulnerabilities. The impact and potential exploitation of this vulnerability are not specified, and there is no indication of any exploitation by ransomware groups.

Affected Version(s)

Outlook for Windows Unknown 1.0.0 < 1.2023.0322.0100

News Articles

Krebs on Security

CVE-2024-20670

Tag: CVE-2024-20670

Tag Archives: CVE-2024-20670 April’s Patch Tuesday Brings Record Number of Fixes If only Patch Tuesdays came around infrequently — like total solar...

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by Krebs on Security
Apr 14, 2024
Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Nov 28, 2023