Security News > 2024 > February > New critical Microsoft Outlook RCE bug is trivial to exploit
Microsoft says remote unauthenticated attackers can trivially exploit a critical Outlook security vulnerability that also lets them bypass the Office Protected View.
Unauthenticated attackers can exploit CVE-2024-21413 remotely in low-complexity attacks that don't require user interaction.
"An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality," Microsoft explains.
Microsoft updated the CVE-2024-21413 security advisory today to warn that this Outlook bug was also being exploited in attacks as a zero-day before this month's Patch Tuesday.
Citrix warns of new Netscaler zero-days exploited in attacks.
45k Jenkins servers exposed to RCE attacks using public exploits.
News URL
Related news
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- Veeam warns of critical RCE bug in Service Provider Console (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' (source)
- Apache issues patches for critical Struts 2 RCE bug (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- Critical security hole in Apache Struts under exploit (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-13 | CVE-2024-21413 | Unspecified vulnerability in Microsoft products Microsoft Outlook Remote Code Execution Vulnerability | 0.0 |