February 14, 2024 By Sergiu Gatlan

Microsoft updated a security advisory today to warn that a critical Outlook bug was exploited in attacks as a zero-day before being fixed during this month's Patch Tuesday.
Discovered by Check Point vulnerability researcher Haifei Li and tracked as CVE-2024-21413, this vulnerability leads to remote code execution (RCE) when emails containing malicious links are opened in a vulnerable version of Microsoft Outlook.
This happens because the flaw also enables attackers to bypass Protected View (a feature designed to block harmful content embedded in Office files by opening them in read-only mode) and open malicious Office files in editing mode.
Redmond also warned that the Preview Pane is an attack vector for this security flaw, allowing successful exploitation even when previewing maliciously crafted Office documents in Windows Explorer.
Unauthenticated attackers can exploit CVE-2024-21413 remotely in low-complexity attacks that don't require user interaction.