Security News > 2024 > February > Microsoft: New critical Outlook RCE bug exploited as zero-day

Microsoft updated a security advisory today to warn that a critical Outlook bug was exploited in attacks as a zero-day before being fixed during this month's Patch Tuesday.
Unauthenticated attackers can exploit CVE-2024-21413 remotely in low-complexity attacks that don't require user interaction.
"An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality," Microsoft explains.
Citrix warns of new Netscaler zero-days exploited in attacks.
45k Jenkins servers exposed to RCE attacks using public exploits.
Exploits released for critical Jenkins RCE flaw, patch now.
News URL
Related news
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Microsoft says button to restore classic Outlook is broken (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- Microsoft Exchange Online outage affects Outlook web users (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-13 | CVE-2024-21413 | Unspecified vulnerability in Microsoft products Microsoft Outlook Remote Code Execution Vulnerability | 9.8 |