Hey there readers!
So, here’s the latest scoop – despite having a fix available, there have been some delays in patching devices, which has allowed threat actors to exploit a security flaw in Microsoft Outlook. According to CISA, the vulnerability in Microsoft Outlook that allows remote code execution is currently being actively attacked.
Microsoft Outlook Vulnerability Added to CISA KEV
In a recent alert by CISA, it was revealed that a known vulnerability in Microsoft Outlook is being actively exploited. This discovery prompted the agency to include the vulnerability in its Known Exploited Vulnerabilities (KEV) catalog.
The vulnerability, identified as CVE-2024-21413, was first flagged by Check Point Research in February 2024. Termed as the “MonikerLink bug,” this flaw allows attackers to bypass Outlook’s Protected View security feature.
By manipulating the URL of a remote file, an attacker could deceive Outlook into opening the destination URL directly, thus potentially gaining elevated privileges and enabling remote code execution on the target system.
Although Microsoft patched the flaw in February 2024, stating that there were no active exploitation attempts at that time, it seems that the vulnerability is now being actively exploited in the wild, as warned by CISA.
CISA’s recent alert emphasizes the importance of promptly applying security fixes to protect systems from potential threats. Federal agencies are required to update their systems within three weeks, while all other organizations are urged to take necessary actions to secure their systems and prevent active threats.
We’d love to hear your thoughts on this. Feel free to share in the comments below!
