Source |
Techworm |
Identifier |
8647563 |
Publication date |
2025-02-08 14:43:36 (viewed: 2025-02-08 09:53:47) |
Title |
Critical Microsoft Outlook RCE Bug Actively Exploited In Attacks |
Text |
Cybersecurity firm Check Point has discovered a critical remote code execution (RCE) vulnerability in Microsoft Outlook, which is currently being exploited in active cyberattacks, posing a significant threat to organizations worldwide.
This has prompted the Cybersecurity and Infrastructure Security Agency (CISA) to warn the U.S. federal agencies to secure their systems against such ongoing attacks.
Check Point vulnerability researcher Haifei Li discovered the high-severity RCE vulnerability tracked as CVE-2024-21413 (CVSS score 9.8).
This flaw results from improper input validation, which can trigger code execution when opening emails with malicious links using a vulnerable Microsoft Outlook version.
Successful exploitation of this vulnerability would allow a threat actor to bypass the Office Protected View and open malicious files in editing mode rather than protected mode.
It could also grant the threat actor elevated privileges, including the ability to read, write, and delete data.
Microsoft addressed the CVE-2024-21413 vulnerability a year ago, cautioning that the Preview Pane could itself be an attack vector.
As a result, simply viewing a malicious email within Outlook might be enough to trigger the exploit, making it exceptionally dangerous.
According to Check Point, attackers exploit the vulnerability dubbed Moniker Link, a method that tricks Outlook into opening unsafe files.
This allows the threat actors to bypass built-in Outlook protections for malicious links embedded in emails using the file:// protocol.
The attackers can manipulate Outlook to treat malicious files as trusted resources by appending an exclamation mark followed by arbitrary text to a file URL.
By inserting this exclamation mark immediately after the file extension in URLs pointing to attacker-controlled servers, along with some random text, they can deceive the system and execute malicious payloads.
For example, an attacker might craft a link as shown below:
CLICK ME
When a victim clicks on the link, Outlook retrieves the file from the attacker’s server and runs it with elevated privileges, granting the attacker control over the system.
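As an added defender-side example (not part of the Techworm article or Check Point's research), the following check scans the links in an HTML mail body and flags the pattern described above: a file: URL whose path carries an exclamation mark directly after the file extension. The mail body, hostnames and paths are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Pattern described in the article: a file:// URL whose path carries an
# exclamation mark right after the file extension, optionally followed by
# arbitrary text (e.g. file://host/share/doc.rtf!text).
_MONIKER_RE = re.compile(r"\.[A-Za-z0-9]{1,10}!.*$")


class _HrefCollector(HTMLParser):
    """Collect every href attribute from <a> tags in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            for name, value in attrs:
                if name.lower() == "href" and value:
                    self.hrefs.append(value.strip())


def is_moniker_link(url):
    """True if url is a file: link with the '!' marker after the extension."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "file":
        return False
    # Decode percent-encoding so an encoded '%21' cannot hide the marker.
    path = unquote(parts.path)
    return bool(_MONIKER_RE.search(path))


def find_moniker_links(html_body):
    """Return the hrefs in html_body that match the Moniker Link pattern."""
    collector = _HrefCollector()
    collector.feed(html_body)
    return [h for h in collector.hrefs if is_moniker_link(h)]


# Constructed sample mail body; hosts and paths are placeholders, not real IoCs.
SAMPLE_BODY = r"""<html><body><p>Quarterly figures attached.</p>
<a href="https://intranet.example.test/reports/q4.pdf">Q4 report</a>
<a href="file://fileserver.example.test/share/q4.pdf">Archive copy</a>
<a href="file://203.0.113.10/share/q4.rtf!anything">CLICK ME</a>
<a href="FILE:\\203.0.113.10\share\q4.docx!x">Mirror</a>
</body></html>"""

if __name__ == "__main__":
    for hit in find_moniker_links(SAMPLE_BODY):
        print("suspicious file: link:", hit)
```

Plain file: links to internal shares are left alone; only the two links carrying the "!" marker are reported, which makes the check suitable as a mail-gateway or triage rule.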
The CVE-2024-21413 vulnerability has affected multiple Microsoft Office products, including Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Outlook 2016, and Microsoft Office 2019.
In response to the active exploitation of this vulnerability, CISA has added CVE-2024-21413 to its Known Exploited Vulnerabilities (KEV) Catalog.
As per the November 2021 Binding Operational Directive (BOD) 22-01, federal agencies have until February 27, 2025, to patch their systems and protect their networks against potential threats.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” the cybersecurity agency warned on Thursday.
With active exploitation in the wild, CVE-2024-21413 presents a severe security risk to Outlook users.
Hence, private organizations are advised to immediately apply patches and reinforce cybersecurity defenses to prevent potential breaches.
Rating |
★★★
|
Sent |
Yes |
Tags |
Vulnerability
Threat
|