Want relief keeping up with product patching, upgrades, and more? Learn how our Managed Services for law firms can help you.
Multiple Microsoft Outlook Vulnerabilities
Feb 16, 2024
Please see Microsoft Outlook Vulnerabilities below.
Microsoft Outlook Remote Code Execution Vulnerability (CVE-2024-21413)
Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode. An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality. An attacker could craft a malicious link that bypasses the Protected View Protocol, which leads to the leaking of local NTLM credential information and remote code execution (RCE).
A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.
Original Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413
Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2024-21402)
The attacker would gain the rights of the user that is running the affected application. Exploiting this vulnerability could allow an attacker to disclose files and modify data, but the attacker cannot impact the availability of the files.
A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.
Original Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21402
Microsoft Outlook Remote Code Execution Vulnerability (CVE-2024-21378)
An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.
A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.
Original Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21378