May 18, 2024
By Cybervergent Team

Critical Microsoft Outlook RCE Vulnerability (CVE-2024-21413)

Microsoft has identified a critical security vulnerability, CVE-2024-21413, in Microsoft Outlook, affecting multiple versions, including Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Outlook 2016, and Microsoft Office 2019 (under extended support). This Remote Code Execution (RCE) bug allows remote, unauthenticated attackers to exploit Outlook easily.

Vulnerability Details

1. Attack Vector: The flaw, named Moniker Link by Check Point researchers, enables attackers to bypass Outlook's built-in protections for malicious links embedded in emails. It is triggered when an email containing a malicious link is opened in a vulnerable version of Microsoft Outlook.

2. Protected View Bypass: Office Protected View is designed to block harmful content by opening files in read-only mode. Attackers can bypass it, so that malicious Office files open in editing mode instead.

3. Preview Pane Exploitation: The Preview Pane in Outlook serves as an additional attack vector, enabling exploitation even when previewing malicious Office documents.

4. NTLM Credential Leak: Successful exploitation of CVE-2024-21413 may lead to the theft of NTLM credential information, granting attackers elevated privileges, including read, write, and delete functionality.

5. Zero-Day Exploitation: Microsoft has confirmed that this vulnerability was exploited as a zero-day before the recent Patch Tuesday. It is crucial for users to apply the official patch promptly.

Recommendations

1. Apply Official Patch: Microsoft has released a security patch addressing CVE-2024-21413. All Outlook users are strongly advised to apply the official patch immediately.

2. Update Software: Ensure that Microsoft Office, including Outlook, is regularly updated to the latest version to benefit from security enhancements and bug fixes.

3. Exercise Caution: Take care when opening emails, especially those from unknown or untrusted sources. Be wary of emails containing links or attachments.

Microsoft and Check Point emphasize the seriousness of this issue, and prompt action is essential to safeguard systems and data. Regularly check for updates from Microsoft and adhere to best security practices to minimize the risk of exploitation.