Remote Code Execution Vulnerability Affects Microsoft Outlook
Key Information
- Vendor
- Microsoft
- Status
- Microsoft Office 2019
- Microsoft 365 Apps For Enterprise
- Microsoft Office Ltsc 2021
- Microsoft Office 2016
- Vendor
- CVE Published:
- 13 February 2024
Badges
Summary
A critical remote code execution (RCE) vulnerability, tracked as CVE-2024-21413, affects Microsoft Outlook and has been exploited as a zero-day before being patched during this month's Patch Tuesday. The vulnerability allows for remote unauthenticated attackers to exploit the flaw, gaining high privileges, including read, write, and delete functionality in affected systems. This was achieved by bypassing the Outlook Protected View Protocol, which could lead to the leaking of local NTLM credential information and RCE when opening emails with malicious links. The flaw also affects the Preview Pane and could be exploited by attackers without requiring user interaction. The impact of exploiting this vulnerability includes theft of NTLM credential information and arbitrary code execution via maliciously crafted Office documents. The vulnerability affects multiple Office products, including Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Outlook 2016, and Microsoft Office 2019. Check Point researchers discovered the vulnerability, urging all Outlook users to apply the official patch as soon as possible.
Affected Version(s)
Microsoft Office 2019 < 19.0.0
Microsoft 365 Apps for Enterprise < 16.0.1
Microsoft Office LTSC 2021 < 16.0.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Fat Patch Tuesday, February 2024 Edition
Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks.
8 months ago
How to Set Up a Network Research Laboratory for Malware Analysis (SOC & DFIR Teams)
Researchers can learn more about the exploit by making a proof-of-concept (PoC) and testing its functionality in a separate environment.
8 months ago
Critical vulnerability Microsoft Office CVE-2024-21413
Security alert about Microsoft Office vulnerability and the Stormshield product response. How to protect against CVE-2024-21413.
9 months ago
CVSS V3.1
Timeline
- 👾
Exploit exists.
- 🔥
Vulnerability reached the number 1 worldwide trending spot.
Vulnerability started trending.
First article discovered by Malwarebytes
Vulnerability published.
Vulnerability Reserved.