Security News > 2024 > February > Microsoft: New critical Outlook RCE bug exploited as zero-day
2024-02-14 20:08
Microsoft updated a security advisory today to warn that a critical Outlook bug was exploited in attacks as a zero-day before being fixed during this month's Patch Tuesday.
Unauthenticated attackers can exploit CVE-2024-21413 remotely in low-complexity attacks that don't require user interaction.
"An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality," Microsoft explains.
Citrix warns of new Netscaler zero-days exploited in attacks.
45k Jenkins servers exposed to RCE attacks using public exploits.
Exploits released for critical Jenkins RCE flaw, patch now.
News URL
Related news
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Microsoft fixes bug causing Outlook freezes when copying text (source)
- Microsoft fixes bug causing Outlook to freeze when copying text (source)
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-13 | CVE-2024-21413 | Unspecified vulnerability in Microsoft products Microsoft Outlook Remote Code Execution Vulnerability | 9.8 |