Remote Code Execution Vulnerability Affects Microsoft Outlook
CVE-2024-30103

8.8 HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Office 2019
Microsoft 365 Apps for Enterprise
Microsoft Office LTSC 2021
Microsoft Outlook 2016
Vendor
CVE Published: 11 June 2024

Badges

🥇 Trended No. 1 | 📈 Trended | 📈 Score: 21,200 | 👾 Exploit Exists | 📰 News Worthy

What is CVE-2024-30103?

CVE-2024-30103 is a critical remote code execution vulnerability affecting Microsoft Outlook, a widely used email and personal information management application. This vulnerability allows attackers to remotely execute arbitrary code on an affected system by leveraging specific malicious inputs, potentially leading to severe consequences for organizations. Given the central role Outlook plays in corporate communications and operations, the exploitation of this vulnerability can compromise sensitive data, disrupt business continuity, and facilitate further attacks within an organization’s network.

Technical Details

The vulnerability exists due to improper handling of certain inputs in Microsoft Outlook, which allows attackers to craft specially designed emails or attachments. When a user interacts with these malicious elements, it triggers the execution of unauthorized code in the context of the user’s session. This flaw affects various versions of Microsoft Outlook, making it a widespread risk for many organizations using this software for email and scheduling purposes.

Impact of the Vulnerability

  1. Remote Code Execution: The most significant impact of CVE-2024-30103 is the potential for remote code execution, allowing attackers to gain control of systems without requiring physical access. This can lead to unauthorized data access and manipulation.

  2. Data Breaches: Exploitation of this vulnerability could result in unauthorized access to sensitive information stored within email accounts or corporate resources, leading to potential data breaches and financial losses.

  3. Malware Deployment: Successful exploitation could enable attackers to install malware on affected systems, which can further propagate within the organization’s network, leading to larger-scale attacks, including ransomware infections and data exfiltration efforts.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2019 32-bit Systems 19.0.0

Microsoft Office LTSC 2021 x64-based Systems 16.0.1

News Articles

Technical Analysis: CVE-2024-30103

In this blog, Morphisec researchers provide technical analysis of CVE-2024-30103, a remote code execution vulnerability impacting Microsoft Outlook.

5 months ago

Critical Microsoft Outlook Zero-Click RCE Flaw Executes as Email is Opened

This vulnerability, designated as CVE-2024-30103, enables attackers to run arbitrary code by sending a specially designed email. When the recipient opens the email, the exploit is triggered.

7 months ago

Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability

Microsoft's June Patch Tuesday fixes 51 vulnerabilities, including critical flaws. Stay protected with the latest updates.

7 months ago

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 🥇 Vulnerability reached the number 1 worldwide trending spot

  • 📈 Vulnerability started trending

  • 👾 Exploit known to exist

  • 📰 First article discovered by Morphisec

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, Microsoft Feed, 6 News Article(s)