Skip to the main content.

1 min read

CVE-2024-21413: Microsoft Outlook Critical RCE

CVE-2024-21413: Microsoft Outlook Critical RCE

As part of this month's Patch Tuesday, Microsoft released a fix for a critical vulnerability affecting multiple Outlook versions.

The vulnerability, CVE-2024-21413 (aka MonikerLink), allows threat actors to bypass protections in Outlook for malicious links embedded in emails.

2-2

Successful exploitation can lead to theft of NTLM credential information and can be used in conjunction with other Office vulnerabilities to achieve remote code execution.

Additionally, it allows threat actors to bypass Protected View (which is designed to open Office documents in read-only mode) and instead open Office documents in editing mode.

For full details on the root cause of the vulnerability and proof-of-concept code, see the vulnerability research from Haifei Li here.

Affected Versions

  • Microsoft Office 2019 from 19.0.0
  • Microsoft 365 Apps for Enterprise from 16.0.1
  • Microsoft Office LTSC 2021 from 16.0.1
  • Microsoft Office 2016 from 16.0.0 before 16.0.5435.1000

Remediation

Administrators are strongly encouraged to apply the appropriate security updates from Microsoft.  The Microsoft security advisory with security update links can be found here.

PacketWatch strongly recommends blocking outbound traffic over port 445 at the external firewall.

Additional Resources



DISCLAIMER

Kindly be advised that the information contained in this article is presented with no final evaluation and should be considered raw data. The sole purpose of this information is to provide situational awareness based on the currently available knowledge. We recommend exercising caution and conducting further research as necessary before making any decisions based on this information.

CVE-2024-3400: Palo Alto Networks PAN-OS Zero-Day Under Active Exploitation

2 min read

CVE-2024-3400: Palo Alto Networks PAN-OS Zero-Day Under Active Exploitation

Palo Alto Networks released a security bulletin detailing a new critical command injection vulnerability in their PAN-OS software, tracked as ...

Read More
Cyber Threat Intelligence Briefing - April 8, 2024

8 min read

Cyber Threat Intelligence Briefing - April 8, 2024

This week, we dive into a new SSH xz backdoor discovered in a popular Linux distribution and how to protect your organization from an HTTP/2...

Read More
How PacketWatch Network Monitoring Foiled an Initial Access Broker

14 min read

How PacketWatch Network Monitoring Foiled an Initial Access Broker

On January 1, 2024, the PacketWatch team prevented a cyberattack by detecting early signs of malicious activity in a client's network. We uncovered...

Read More