Microsoft Outlook Vulnerability

CVE-2024-21413 is a Remote Code Execution (RCE) vulnerability in Microsoft Outlook that affects Outlook 2016 through Outlook 2021. Microsoft published its CVE-2024-21413 support article on February 13, 2024, and updated it again on February 14.

The vulnerability, discovered by Check Point Security, allows an attacker to bypass Office Protected View so that a document opens in editing mode instead of Protected View. The Outlook email preview pane alone is sufficient as an attack vector. An attacker who successfully exploits this vulnerability could gain high privileges, including read, write and delete rights.

To do this, the attacker must craft a malicious link that bypasses Protected View. Opening or previewing it then leads to the leakage of local NTLM credentials and to remote code execution (RCE). Microsoft classifies the vulnerability as critical.

Affected Systems

-

IoCs

-

Recommended Solution(s)

Office 2016 customers are protected only after installing all of the February 2024 updates for that Office version, which Microsoft lists in its CVE-2024-21413 support post:

* Microsoft Office 2016 KB5002537
* Microsoft Office 2016 KB5002467
* Microsoft Office 2016 KB5002522
* Microsoft Office 2016 KB5002469
* Microsoft Office 2016 KB5002519

The packages for Microsoft Office 2019 and 2021 (Click-to-Run versions) and for Microsoft 365 Apps have also been updated to close the vulnerability. The updated builds are listed in the Microsoft CVE-2024-21413 support article.
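As an added verification step (not part of this advisory), the following PowerShell snippet reports whether each of the Office 2016 updates listed above is registered on a machine. It assumes that MSI-based Office 2016 patches register a DisplayName containing the KB number under the Windows Installer UserData Patches registry key; Click-to-Run installs are not covered and must be compared against the build numbers in Microsoft's support article instead.

```powershell
# Added example, not Microsoft's or the advisory's own code.
# Assumption: MSI-based Office 2016 security updates appear as Windows Installer
# patches whose DisplayName contains "(KBnnnnnnn)". Run from an elevated prompt.
$RequiredKBs = 'KB5002537', 'KB5002467', 'KB5002522', 'KB5002469', 'KB5002519'

# Windows Installer records machine-wide (SYSTEM, S-1-5-18) patches here.
$patchKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\*\Patches\*'

# Collect every KB number that shows up in a registered patch DisplayName.
$installedKBs = Get-ItemProperty -Path $patchKey -ErrorAction SilentlyContinue |
    ForEach-Object {
        if ($_.DisplayName -match 'KB\d{7}') { $Matches[0] }
    } |
    Sort-Object -Unique

# Report each required update as installed or MISSING.
$results = foreach ($kb in $RequiredKBs) {
    [pscustomobject]@{
        KB     = $kb
        Status = if ($installedKBs -contains $kb) { 'installed' } else { 'MISSING' }
    }
}
$results | Format-Table -AutoSize

# Non-zero exit code if anything is missing, so the check can run in a scheduled job.
if ($results.Status -contains 'MISSING') { exit 1 }
```

A machine where all five rows read "installed" has the February 2024 updates the advisory requires; any "MISSING" row should be remediated before the host is considered protected.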

CVE / CWE

CVE-2024-21413

Related Website(s)

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are rated "high", whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are rated "critical".