CISA Warns of Microsoft Outlook Vulnerability Exploited in Cyber Attacks

A critical vulnerability in Microsoft Outlook, identified as CVE-2024-21413, is being actively exploited in cyber attacks. This flaw allows attackers to execute remote code, posing a severe threat to users and organizations worldwide.

The vulnerability, dubbed the “MonikerLink” bug, was discovered by a cybersecurity researcher and affects multiple versions of Microsoft Outlook, including Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Outlook 2016, and Microsoft Office 2019. The flaw arises from improper input validation when Outlook processes emails containing malicious links. Attackers exploit it through the file:// protocol, crafting URLs in which the path is followed by an exclamation mark and arbitrary text.

Once triggered, the vulnerability lets attackers bypass Outlook’s built-in protection, so a malicious Office file opens in editing mode instead of the safer read-only mode. This can lead to the theft of NTLM credentials, remote code execution, and potentially full system compromise.
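The link shape described above is easy to check for in mail flow before a message reaches a mailbox. The following is an added example written for this article, not code from CISA, Microsoft or the researcher: a small Python scanner that extracts file:// links from email bodies (plain text or HTML) and flags those whose path carries the exclamation-mark suffix. The sample bodies, host names and file names are constructed placeholders.

```python
import re
from html import unescape
from urllib.parse import urlsplit, unquote

# Constructed sample email bodies (not real phishing samples). Only the third one
# carries the pattern described in the article: a file:// link whose path is
# followed by "!" and arbitrary text. Hosts and file names are placeholders.
SAMPLE_EMAILS = {
    "benign_https": '<a href="https://intranet.example.internal/report">Q4 report</a>',
    "benign_file": "Shared drive copy: file://fileshare.example.internal/finance/Q4.xlsx",
    "suspicious": '<a href="file://198.51.100.23/share/invoice.rtf!any-text">Invoice</a>',
}

# Matches a file:// URL in plain text or inside an HTML attribute; stops at
# whitespace, quotes and angle brackets so the href value is captured cleanly.
FILE_URL_RE = re.compile(r'file://[^\s"\'<>]+', re.IGNORECASE)


def extract_file_urls(body: str) -> list[str]:
    """Return every file:// URL in an email body, with HTML entities decoded first."""
    return FILE_URL_RE.findall(unescape(body))


def is_monikerlink_style(url: str) -> bool:
    """True when a file:// URL's path contains an exclamation mark.

    Plain UNC-style file:// links are common in corporate mail, so they are not
    flagged on their own; the "!" inside the path is the shape the article
    attributes to CVE-2024-21413. Percent-encoded "%21" is decoded before the check.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() != "file":
        return False
    return "!" in unquote(parts.path)


def scan_email(body: str) -> list[dict]:
    """Return one finding per flagged file:// URL in a single email body."""
    findings = []
    for url in extract_file_urls(body):
        if is_monikerlink_style(url):
            findings.append(
                {"url": url, "reason": "file:// link with '!' in path (MonikerLink pattern)"}
            )
    return findings


def scan_mailbox(emails: dict[str, str]) -> dict[str, list[dict]]:
    """Scan a name -> body mapping and keep only the messages that produced findings."""
    return {name: found for name, body in emails.items() if (found := scan_email(body))}


if __name__ == "__main__":
    for name, findings in scan_mailbox(SAMPLE_EMAILS).items():
        for finding in findings:
            print(f"{name}: {finding['reason']} -> {finding['url']}")
```

A benign file name containing “!” would also be flagged, so treat a hit as a triage signal rather than a verdict; pairing it with the patch status of the recipient’s Outlook build and with alerts on outbound SMB connections to unfamiliar hosts gives the context needed to confirm an attempt.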

The Cybersecurity & Infrastructure Security Agency (CISA) issued an urgent warning to federal agencies on February 6, 2025, requiring them to secure their systems by February 27, 2025. CISA’s and Microsoft’s recommendations include applying the latest security patches, disabling NTLM authentication where feasible, monitoring network activity for unusual outbound connections, and educating users on recognizing phishing attempts.

#CyTech #CyTechNewsRoom #Cybersecurity #CISO #CISOWorkplace™ #VulnerabilityAssessment #ThreatIntelligence #CSRM #Vulnerability #MonikerLink #CISA #Microsoft #Outlook
