Security News > 2024 > February > New critical Microsoft Outlook RCE bug is trivial to exploit

New critical Microsoft Outlook RCE bug is trivial to exploit
2024-02-14 20:08

Microsoft says remote unauthenticated attackers can trivially exploit a critical Outlook security vulnerability that also lets them bypass the Office Protected View.

Unauthenticated attackers can exploit CVE-2024-21413 remotely in low-complexity attacks that don't require user interaction.

"An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality," Microsoft explains.

Microsoft updated the CVE-2024-21413 security advisory today to warn that this Outlook bug was also being exploited in attacks as a zero-day before this month's Patch Tuesday.

Citrix warns of new Netscaler zero-days exploited in attacks.

45k Jenkins servers exposed to RCE attacks using public exploits.


News URL

https://www.bleepingcomputer.com/news/security/new-critical-microsoft-outlook-rce-bug-is-trivial-to-exploit/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2024-21413 Unspecified vulnerability in Microsoft products
Microsoft Outlook Remote Code Execution Vulnerability
network
low complexity
microsoft
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 681 811 4541 4194 3708 13254