Microsoft Outlook Remote Code Execution Vulnerability (CVE-2024-21413)

Advisory

19 FEB 2024

Background

A critical security issue in Outlook, tracked as CVE-2024-21413, is a Remote Code Execution (RCE) vulnerability that uses the Microsoft Outlook preview pane as an attack vector. Successful exploitation would enable an attacker to bypass Office Protected View so that a file opens in editing mode instead of protected mode. The vulnerability has a CVSS score of 9.8.

Impact

  • Allows Remote Code Execution (RCE).
  • Allows the threat actor to bypass the Office Protected View.
  • An attacker could gain high privileges, including read, write, and delete access.
  • Unauthenticated attackers could exploit the vulnerability without user interaction.

Affected Products

  • Microsoft Office 2016 (both 32-bit and 64-bit editions)
  • Microsoft Office LTSC 2021
  • Microsoft 365 Apps for Enterprise
  • Microsoft Office 2019

Recommendations

  • Check for and apply the released security updates to secure the environment and improve the overall cybersecurity posture.
  • Users running Office 2016 need to install all the updates listed for their edition
    (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413).
  • Firewall rules should be reviewed and tightened.
  • Any anomalies and suspicious activities must be monitored and logged.
  • Limit server access to only necessary personnel.
  • Enable Multi-Factor Authentication (MFA) for all user accounts accessing the Exchange Server.
  • Provide employees with security awareness training covering phishing attacks, social engineering, and security best practices, which can prevent inadvertent security breaches.
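The first two recommendations amount to confirming that every Outlook installation carries the fixed build for its channel. The following PowerShell script is an added example, not code from the advisory or from Microsoft: it locates OUTLOOK.EXE through the App Paths registry key, reads the binary's file version, picks up the Click-to-Run channel information where present, and compares the build with a minimum fixed build that the administrator copies from the MSRC update guide linked above. The fixed build itself is a placeholder (0.0.0.0) because this page does not list build numbers; the function names are ours.

```powershell
# Added example (not the advisory's or Microsoft's code): report the installed
# Outlook build and compare it with the minimum fixed build for this install's
# update channel, taken from the MSRC update guide for CVE-2024-21413.

# PLACEHOLDER: replace with the fixed build for your channel from the MSRC
# update guide. The check refuses to run while it is still 0.0.0.0.
$MinimumFixedBuild = [version]'0.0.0.0'

function Get-OutlookBuildInfo {
    # Office registers the path to OUTLOOK.EXE under App Paths; reading the
    # file version from the binary itself covers both Click-to-Run and MSI
    # installs and reflects the component this advisory concerns.
    $appPathKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE'
    if (-not (Test-Path $appPathKey)) { return $null }

    $exePath = (Get-ItemProperty -Path $appPathKey).'(default)'
    if (-not ($exePath -and (Test-Path $exePath))) { return $null }

    $fileVersion = (Get-Item $exePath).VersionInfo.FileVersion
    $info = [pscustomobject]@{
        ExePath     = $exePath
        Build       = [version]$fileVersion
        InstallType = 'MSI'
        # On 64-bit Windows a 32-bit Office lives under "Program Files (x86)".
        Platform    = if ($exePath -like '*Program Files (x86)*') { 'x86' } else { 'x64' }
        Channel     = $null
    }

    # Click-to-Run installs (Microsoft 365 Apps, Office 2019/2021 C2R) also
    # record their platform and update-channel CDN URL under this key.
    $c2rKey = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    if (Test-Path $c2rKey) {
        $c2r = Get-ItemProperty -Path $c2rKey
        $info.InstallType = 'Click-to-Run'
        if ($c2r.Platform)   { $info.Platform = $c2r.Platform }
        if ($c2r.CDNBaseUrl) { $info.Channel  = $c2r.CDNBaseUrl }
    }
    return $info
}

function Test-OutlookPatched {
    param([Parameter(Mandatory)][version]$MinimumFixedBuild)

    if ($MinimumFixedBuild -eq [version]'0.0.0.0') {
        throw 'Set $MinimumFixedBuild from the MSRC update guide before running the check.'
    }

    $info = Get-OutlookBuildInfo
    if (-not $info) {
        Write-Warning 'OUTLOOK.EXE not found in the registry; nothing to check.'
        return $null
    }

    # System.Version comparison handles four-part Office builds correctly,
    # unlike a string comparison.
    $patched = $info.Build -ge $MinimumFixedBuild
    $info | Add-Member -NotePropertyName MinimumFixedBuild -NotePropertyValue $MinimumFixedBuild
    $info | Add-Member -NotePropertyName Patched -NotePropertyValue $patched
    $info | Format-List | Out-Host
    return $patched
}

Test-OutlookPatched -MinimumFixedBuild $MinimumFixedBuild
```

Run it in an elevated session on each endpoint, or wrap it in your configuration-management tool, and treat a `Patched` value of `False` as a host that still needs the update for its channel. Because the channel CDN URL is reported alongside the build, the same output tells you which row of the MSRC table applies to that machine.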

References