Remote Code Execution Vulnerability Affects Microsoft Outlook

CVE-2024-21413
9.8CRITICAL

Key Information

Vendor
Microsoft
Status
Microsoft Office 2019
Microsoft 365 Apps For Enterprise
Microsoft Office Ltsc 2021
Microsoft Office 2016
Vendor
CVE Published:
13 February 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

A critical remote code execution (RCE) vulnerability, tracked as CVE-2024-21413, affects Microsoft Outlook and has been exploited as a zero-day before being patched during this month's Patch Tuesday. The vulnerability allows for remote unauthenticated attackers to exploit the flaw, gaining high privileges, including read, write, and delete functionality in affected systems. This was achieved by bypassing the Outlook Protected View Protocol, which could lead to the leaking of local NTLM credential information and RCE when opening emails with malicious links. The flaw also affects the Preview Pane and could be exploited by attackers without requiring user interaction. The impact of exploiting this vulnerability includes theft of NTLM credential information and arbitrary code execution via maliciously crafted Office documents. The vulnerability affects multiple Office products, including Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Outlook 2016, and Microsoft Office 2019. Check Point researchers discovered the vulnerability, urging all Outlook users to apply the official patch as soon as possible.

Affected Version(s)

Microsoft Office 2019 < 19.0.0

Microsoft 365 Apps for Enterprise < 16.0.1

Microsoft Office LTSC 2021 < 16.0.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit exists.

  • 🔥

    Vulnerability reached the number 1 worldwide trending spot.

  • Vulnerability started trending.

  • First article discovered by Malwarebytes

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed7 Proof of Concept(s)8 News Article(s)
.