1. About the Vulnerability
| Vulnerability Name | Microsoft Outlook Remote Code Execution Vulnerability (CVE-2024-21413) |
|---|---|
| Release Date | February 24, 2024 |
| Component Name | Microsoft Outlook |
| Affected Versions | Microsoft Office 2016 (64-bit editions) |
| Vulnerability Type | Remote Code Execution Vulnerability |
| Severity | CVSS v3 Base Score: 9.8 (Critical) |
| Exploitability | Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None |
| Impact | Confidentiality Impact: High; Integrity Impact: High; Availability Impact: High |
2. About CVE-2024-21413
2.1 About the Component
Microsoft Outlook is a personal information manager software system developed by Microsoft and available as part of the Microsoft Office Suite. It is mainly used as an email application and includes features such as a calendar, task manager, contact manager, to-do list, and notes.
2.2 About the Vulnerability
On February 24, 2024, Sangfor FarSight Labs received notification of the remote code execution vulnerability (CVE-2024-21413) in Microsoft Outlook, classified as critical (CVSS Score 9.8) by Microsoft.
The vulnerability stems from improper handling of certain hyperlinks. An attacker can exploit it by embedding a crafted link in a file; the link bypasses Office Protected View, so the file opens in editing mode rather than protected mode. This can lead to leakage of the local New Technology LAN Manager (NTLM) credentials and to remote code execution.
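The link-handling issue described above can be approached from the detection side. The following is an added example, not code from the advisory or from Sangfor: it scans a constructed HTML message body for hyperlinks whose target is a file share on a host outside the organisation, the class of link that makes Windows attempt outbound authentication with the user's NTLM credentials. The "file:"/UNC heuristic, the sample links and the internal-host policy are assumptions of this example.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample message body (not taken from the advisory). Two of the five
# links point at file shares on hosts outside the organisation and are flagged.
SAMPLE_HTML = r"""
<p>Quarterly report: <a href="https://intranet.example.local/report.docx">report</a></p>
<p>Shared copy: <a href="file://fileserver.example.local/docs/report.docx">shared copy</a></p>
<p>Local copy: <a href="file:///C:/Users/alice/report.docx">local copy</a></p>
<p>Archive: <a href="file://share.example.net/archive/report.docx">archive</a></p>
<p>Old copy: <a href="\\files.example.net\docs\old.docx">old copy</a></p>
"""

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def is_internal_host(host: str) -> bool:
    """Assumed site policy: loopback, private and link-local addresses, single-label
    names and *.local names are internal; anything else is treated as external."""
    try:
        addr = ip_address(host)
        return addr.is_private or addr.is_loopback or addr.is_link_local
    except ValueError:
        return "." not in host or host.lower().endswith(".local")


def remote_file_targets(html: str) -> list[tuple[str, str]]:
    """Return (href, host) for every hyperlink whose target is a file share on an
    external host: 'file:' URLs with a host part, or UNC paths (two leading
    backslashes). Opening such a link makes Windows contact the share and
    authenticate to it, which is how credentials can leave the network."""
    findings = []
    for href in HREF_RE.findall(html):
        if href.startswith("\\\\"):                      # UNC path: \\host\share\...
            host = href.lstrip("\\").split("\\", 1)[0]
        else:
            parsed = urlparse(href)
            if parsed.scheme.lower() != "file":
                continue
            host = parsed.netloc                          # empty for file:///C:/...
        if host and not is_internal_host(host):
            findings.append((href, host))
    return findings


if __name__ == "__main__":
    for href, host in remote_file_targets(SAMPLE_HTML):
        print(f"external file-share link -> host {host}: {href}")
```

The same check can be run over extracted link lists from mail-gateway or document-inspection logs; flagged messages are candidates for quarantine or review rather than proof of exploitation.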
3. Affected Versions
Microsoft Office 2016 (64-bit editions)
Microsoft Office 2016 (32-bit editions)
Microsoft Office 2019 (64-bit editions)
Microsoft Office 2019 (32-bit editions)
Microsoft Office LTSC 2021 (32-bit editions)
Microsoft Office LTSC 2021 (64-bit editions)
Microsoft 365 Apps for Enterprise (64-bit Systems)
Microsoft 365 Apps for Enterprise (32-bit Systems)
4. Solutions
4.1 Remediation Solutions
4.1.1 Official Solution
Microsoft has released security updates for Outlook, and affected users are strongly recommended to install the relevant update to fix the vulnerability. For more information, visit https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413
5. Timeline
On February 14, 2024, Sangfor FarSight Labs received notification of the remote code execution vulnerability (CVE-2024-21413) in Microsoft Outlook.
On February 24, 2024, Sangfor FarSight Labs released a vulnerability alert.
6. References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413
7. About Sangfor FarSight Labs
Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.