Critical Microsoft Outlook Vulnerability (CVE-2024-21413) Actively Exploited in Attacks – CISA Warns

Feb 7, 2025 - 00:58

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to federal agencies regarding active exploitation of a critical Microsoft Outlook vulnerability, tracked as CVE-2024-21413.

This remote code execution (RCE) flaw, discovered by Check Point researcher Haifei Li, is caused by improper input validation when processing emails containing malicious links.

“Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode,” Microsoft stated.

Microsoft Outlook Vulnerability (CVE-2024-21413)

The flaw, dubbed the “MonikerLink” bug, lets attackers abuse hyperlinks that use the file:// protocol by appending an exclamation mark followed by arbitrary text to the URL.

This bypasses Outlook’s built-in protections and allows malicious Office files to open in editing mode instead of the safer read-only mode.

Notably, the vulnerability impacts multiple Office products, including Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Outlook 2016, and Microsoft Office 2019.

Microsoft had previously warned that even previewing maliciously crafted emails in Outlook’s Preview Pane could trigger exploitation, making this a zero-click attack vector. Successful exploitation can lead to:

  • Theft of NTLM credentials.
  • Remote code execution.
  • Potential full system compromise.

CISA’s Response

On February 6, 2025, CISA added CVE-2024-21413 to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to secure their systems by February 27 under Binding Operational Directive (BOD) 22-01.

“Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution,” CISA added.

CISA emphasized that such vulnerabilities are commonly exploited by cybercriminals and nation-state actors, posing significant risks to government and private organizations alike.

CISA and Microsoft recommend immediate action to mitigate this threat:

  1. Apply Security Patches: Ensure all affected products are updated with the latest security patches.
  2. Disable NTLM Authentication: Where feasible, reduce reliance on NTLM authentication to prevent credential theft.
  3. Monitor Network Activity: Watch for unusual outbound connections to attacker-controlled servers.
  4. Educate Users: Train employees on recognizing phishing attempts and avoiding suspicious links or attachments.
  5. Enable Advanced Threat Protection: Use tools like Microsoft Defender to enhance security monitoring.
