Outlook's decades-old vulnerability allowed for catastrophic attacks without any user interaction

Fortunately, the vulnerability was addressed.

Reading time icon 2 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

outlook CVE-2024-21413

The latest Outlook vulnerability, known as CVE-2024-21413, allowed for relatively easy access into organisations’ infrastructure requiring no used interaction, to catastrophic effect.

The vulnerability, discovered by X user (formerly known as Twitter), Haifei Li, had existed for decades, but according to the user, the vulnerability was overlooked, so it was not addressed at all.

The crazy part for me when discovering the issue is that this is a very easy-to-find problem but overlooked for like decades – nothing special, I just typed the “!” in hyperlinks on Outlook.

Haifei Li

CVE-2024-21413 was able to be exploited by unauthorized users in remote situations without requiring user interactions at all. What’s even more intriguing, and equally devastating, if we put it this way, is that the vulnerability would release malware at a mere previewing of the documents. They didn’t need to be open to infect devices.

How would it work? According to Microsoft, the vulnerability allowed attackers to bypass several security procedures and gain high-privilege rights on documents, including editing potentially malicious Protected View documents, by inserting an exclamation mark ‘!’ following the document extension it its embedded link.

An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality. An attacker could craft a malicious link that bypasses the Protected View Protocol, which leads to the leaking of local NTLM credential information and remote code execution (RCE).

Microsoft

The Redmond-based tech giant managed to quickly address Outlook’s CVE-2024-21413 vulnerability and it is no longer exploitable, just 2 days after the company validated its existence.

The full advisory can be found here, with all the details on this vulnerability.

Microsoft has been targeted by exploited recently, so the fact that the Redmond-based tech giant addressed this vulnerability in such as short time, makes sense: for instance, Word and Excel were the targets of hackers these past days, while Microsoft SmartScreen was also exploited quite severely.

More about the topics: Outlook, Outlook Errors

User forum

0 messages