Security News > 2024 > February > Microsoft: New critical Outlook RCE bug exploited as zero-day
![Microsoft: New critical Outlook RCE bug exploited as zero-day](/static/build/img/news/microsoft-new-critical-outlook-rce-bug-exploited-as-zero-day-medium.jpg)
Microsoft updated a security advisory today to warn that a critical Outlook bug was exploited in attacks as a zero-day before being fixed during this month's Patch Tuesday.
Unauthenticated attackers can exploit CVE-2024-21413 remotely in low-complexity attacks that don't require user interaction.
"An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality," Microsoft explains.
Citrix warns of new Netscaler zero-days exploited in attacks.
45k Jenkins servers exposed to RCE attacks using public exploits.
Exploits released for critical Jenkins RCE flaw, patch now.
News URL
Related news
- Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103) (source)
- PHP fixes critical RCE flaw impacting all versions for Windows (source)
- Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs (source)
- Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability (source)
- Microsoft: New Outlook security changes coming to personal accounts (source)
- Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) (source)
- VMware fixes critical vCenter RCE vulnerability, patch now (source)
- Week in review: CDK Global cyberattack, critical vCenter Server RCE fixed (source)
- Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool (source)
- Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-13 | CVE-2024-21413 | Unspecified vulnerability in Microsoft products Microsoft Outlook Remote Code Execution Vulnerability | 9.8 |