Categories: CVE/vulnerabilityCyber Security NewsExploit

Outlook Users Beware 0-Day Exploit Released On Hacking Forums

Outlook Users Beware 0-Day Exploit Released On Hacking ForumsOutlook Users Beware 0-Day Exploit Released On Hacking Forums

Outlook has identified a security flaw that affects how it handles certain hyperlinks. 

Malware actors actively exploit the vulnerability in real-world attacks.

The assigned CVE number for this vulnerability is CVE-2024-21413, with a severity rating of 9.8 (Critical).

Microsoft has successfully resolved the vulnerability in question and implemented the fix in their February 2024 Patch Tuesday release.

In case of successful exploitation of the vulnerability, a malicious actor can bypass the protected view of Office and open a file in editing mode instead of the protected mode.

Outlook 0-Day RCE Flaw

According to the Checkpoint report, if the hyperlink starts with http:// or https://, Outlook uses Windows’s default browser to open the URL.

If there are additional protocols, such as the “Skype” URL protocol, clicking on the hyperlink will trigger a security warning.

In other cases, like the “file://” protocol, Outlook did not display a warning dialog box.

A slight modification in the “file://” protocol link bypasses the previously shown security restriction and proceeds to access the resource.

According to experts, utilizing this particular resource involves utilizing the SMB protocol.

However, this protocol has a flaw where it inadvertently reveals the local NTLM credentials during the access process.

Exploit on Hacking Forums

The Daily Dark Web recently reported that specific hacking forums have been discussing an exploit for CVE-2024-21413.

This exploit allows attackers to access NTLM information and execute remote code.

The vulnerability can exploit the Office Protected View and use it as a means of attack to target other Office applications.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are extremely harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Leave a Comment
Share
Published by
Gurubaran
Tags: Cyber Security NewsEmail SecurityOutlook Exploit
1 year ago

Recent Posts

Cyberattackers Targeting IT Help Desks for Initial Breach

Cybercriminals are increasingly impersonating IT support personnel and trusted authorities to manipulate victims into granting…

6 minutes ago

New Stealthy .NET Malware Hiding Malicious Payloads Within Bitmap Resources

Cybersecurity researchers at Palo Alto Networks' Unit 42 have uncovered a novel obfuscation method employed…

18 minutes ago

Hackers Weaponizing Facebook Ads to Deploy Multi-Stage Malware Attacks

A persistent and highly sophisticated malvertising campaign on Facebook has been uncovered by Bitdefender Labs,…

29 minutes ago

Threat Actors Target Job Seekers with Three New Unique Adversaries

Netcraft has uncovered a sharp rise in recruitment scams in 2024, driven by three distinct…

36 minutes ago

Scattered Spider Malware Targets Klaviyo, HubSpot, and Pure Storage Platforms

Silent Push researchers have identified that the notorious hacker collective Scattered Spider, also known as…

2 hours ago

Chinese Hackers Exploit SAP RCE Vulnerability to Deploy Supershell Backdoors

A critical remote code execution (RCE) vulnerability, identified as CVE-2025-31324, in SAP NetWeaver Visual Composer…

3 hours ago