Actively Exploited Vulnerability In Microsoft Outlook
Shahzad Dhanwani
Although a fix has been available since February 2024, slow patching has let threat actors exploit a Microsoft Outlook security flaw. According to CISA, the remote code execution vulnerability in Microsoft Outlook is now under active attack.
Microsoft Outlook Vulnerability Added to CISA KEV

According to the latest CISA alert, the agency has evidence of active exploitation of a known vulnerability in Microsoft Outlook. Following this finding, the agency added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
Specifically, the vulnerability is CVE-2024-21413, which Check Point Research reported in February 2024. The researchers dubbed it the "MonikerLink" bug because it lets an adversary bypass Outlook's Protected View and the security warning Outlook normally shows before opening a remote file.
An attacker could evade this security check by appending an exclamation mark followed by arbitrary characters to a file:// link that points at a remote file (for example, a file on an attacker-controlled SMB share). Clicking a remote file link would otherwise trigger a warning prompt, but a link modified this way is parsed as a moniker and tricks Outlook into opening the destination directly; Microsoft's advisory also lists the Preview Pane as an attack vector. Successful exploitation could allow an adversary to gain elevated privileges and achieve remote code execution on the target system.
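The following mail-scanning script is an added example for this article, not code from the author, Check Point or Microsoft. It pulls every hyperlink out of an e-mail's text parts and flags file:// links that point at a remote host and carry an exclamation mark after the path, which is the shape of link described above. The sample message is constructed, and the classification rule is a heuristic assumed here for illustration rather than a vendor detection signature.

```python
"""Flag hyperlinks shaped like the MonikerLink (CVE-2024-21413) bypass in an e-mail.

Added example written from the description in the article above. SAMPLE_EML is a
constructed message, not a real capture. The classification rule is an assumption
for illustration: a file:// link whose target is a remote host in UNC form and whose
path carries an exclamation mark after the file name.
"""
import email
import re
from email import policy
from html.parser import HTMLParser

# Constructed sample message: one MonikerLink-style link, one ordinary local
# file link, one https link.
SAMPLE_EML = r"""From: payroll@example.test
To: staff@example.test
Subject: Q1 report
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body>
<p>Please review the <a href="file:///\\10.0.0.5\share\report.docx!x_y">report</a>.</p>
<p>Local copy: <a href="file:///C:/Users/me/report.docx">here</a></p>
<p>Site: <a href="https://example.test/report">here</a></p>
</body></html>
"""

FILE_SCHEME = re.compile(r"^\s*file:", re.IGNORECASE)
# file: links embedded in plain-text bodies
PLAIN_FILE_LINK = re.compile(r"""file:[^\s"'<>]+""", re.IGNORECASE)


class _HrefCollector(HTMLParser):
    """Collect href values of <a> tags."""

    def __init__(self) -> None:
        super().__init__()
        self.hrefs: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            for name, value in attrs:
                if name.lower() == "href" and value:
                    self.hrefs.append(value)


def classify_link(href: str) -> str:
    """Return 'monikerlink', 'remote_file', 'local_file' or 'other' for one href."""
    if not FILE_SCHEME.match(href):
        return "other"
    # Drop the scheme and any run of slashes/backslashes: what remains is either
    # a drive path (C:\...) or host\share\path in UNC form.
    rest = FILE_SCHEME.sub("", href, count=1).lstrip("/\\")
    if re.match(r"^[A-Za-z]:", rest):
        return "local_file"
    m = re.match(r"^([^\\/]+)[\\/]*(.*)$", rest, re.DOTALL)
    if not m:
        return "other"
    host, path = m.group(1), m.group(2)
    # The '!' after the remote path is the tell described in the article: Outlook
    # parses the whole string as a moniker instead of showing the remote-file warning.
    if "!" in path:
        return "monikerlink"
    return "remote_file"


def scan_eml(raw: str) -> list[tuple[str, str]]:
    """Return (href, verdict) for every link found in the message's text parts."""
    msg = email.message_from_string(raw, policy=policy.default)
    hrefs: list[str] = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/html":
            collector = _HrefCollector()
            collector.feed(part.get_content())
            hrefs.extend(collector.hrefs)
        elif ctype == "text/plain":
            hrefs.extend(PLAIN_FILE_LINK.findall(part.get_content()))
    return [(h, classify_link(h)) for h in hrefs]


def suspicious_links(raw: str) -> list[str]:
    """Links worth blocking or alerting on: the moniker form and any remote file link."""
    return [h for h, v in scan_eml(raw) if v in ("monikerlink", "remote_file")]


if __name__ == "__main__":
    for href, verdict in scan_eml(SAMPLE_EML):
        print(f"{verdict:12s} {href}")
```

Running the script against the constructed message reports the first link as monikerlink, the C: drive link as local_file and the https link as other. Plain remote file:// links are reported separately as remote_file, since a mail gateway that lets those through at all still has the original warning prompt to rely on, whereas the moniker form does not.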
Following the researchers' report, Microsoft patched the flaw in its February 2024 Patch Tuesday updates. At that time, the company stated that it had seen no active exploitation of the vulnerability and rated exploitation as "less likely." That assessment no longer holds: CISA has now warned that the vulnerability is being exploited in the wild.
In its alert, CISA urged all organizations to apply the available security fixes given the active exploitation of the Outlook flaw. Under its KEV process, Federal Civilian Executive Branch (FCEB) agencies are required to patch their systems within three weeks to protect the FCEB network from this threat. CISA also urged all other organizations to apply the remediation promptly to reduce their exposure and cut off active attacks.