Remote Code Execution Vulnerability Affects Microsoft Outlook

CVE-2024-21413
9.8CRITICAL

Key Information

Vendor
Microsoft
Status
Microsoft Office 2019
Microsoft 365 Apps For Enterprise
Microsoft Office Ltsc 2021
Microsoft Office 2016
Vendor
CVE Published:
13 February 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

A critical remote code execution (RCE) vulnerability, tracked as CVE-2024-21413, affects Microsoft Outlook and has been exploited as a zero-day before being patched during this month's Patch Tuesday. The vulnerability allows for remote unauthenticated attackers to exploit the flaw, gaining high privileges, including read, write, and delete functionality in affected systems. This was achieved by bypassing the Outlook Protected View Protocol, which could lead to the leaking of local NTLM credential information and RCE when opening emails with malicious links. The flaw also affects the Preview Pane and could be exploited by attackers without requiring user interaction. The impact of exploiting this vulnerability includes theft of NTLM credential information and arbitrary code execution via maliciously crafted Office documents. The vulnerability affects multiple Office products, including Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Outlook 2016, and Microsoft Office 2019. Check Point researchers discovered the vulnerability, urging all Outlook users to apply the official patch as soon as possible.

Affected Version(s)

Microsoft Office 2019 < 19.0.0

Microsoft 365 Apps for Enterprise < 16.0.1

Microsoft Office LTSC 2021 < 16.0.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
Created by xaitax

CVE-2024-21413
Created by duy-31

CVE-2024-21413
Created by CMNatic

News Articles

favicon imageKrebs on Security

Fat Patch Tuesday, February 2024 Edition

Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks.

6 months ago

favicon imageCybersecurityNews

How to Set Up a Network Research Laboratory for Malware Analysis (SOC & DFIR Teams)

Researchers can learn more about the exploit by making a proof-of-concept (PoC) and testing its functionality in a separate environment. 

6 months ago

favicon imageStormshield

Critical vulnerability Microsoft Office CVE-2024-21413

Security alert about Microsoft Office vulnerability and the Stormshield product response. How to protect against CVE-2024-21413.

7 months ago

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit exists.

  • 🔥

    Vulnerability reached the number 1 worldwide trending spot.

  • Vulnerability started trending.

  • First article discovered by Malwarebytes

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed7 Proof of Concept(s)8 News Article(s)
.