Cybersecurity Threat Advisory: New Microsoft Outlook client vulnerability

A recent Microsoft Outlook client zero-click remote code execution (RCE) vulnerability, CVE-2024-30103, has a CVSS score of 8.8. Review this Cybersecurity Threat Advisory to limit the impact this vulnerability may have on your organization.

What is the threat?

CVE-2024-30103 allows attackers to run arbitrary code without any user interaction. Once the malicious email is opened, it triggers a buffer overflow, which allows the attacker to execute arbitrary code with the same privileges as the user running Outlook. This can lead to full system compromise, data theft, or further propagation of malware within a network.

Why is it noteworthy?

The attack complexity of this vulnerability is low and exploitation over the network is possible. When the recipient opens the malicious email, the exploit is triggered. The attacker would need to be authenticated using valid Exchange user credentials. From there, attackers would need to find a privilege escalation flaw to take over a system fully.

What is the exposure or risk?

Many email users utilize Outlook to read their emails. Outlook 2016, Office LTSC 2021, 365 Apps for Enterprise, and Office 2019 are affected. This vulnerability is severe due to its zero-click nature. Opening the malicious email in Outlook’s preview pane is all that is needed to allow an attacker access to the network. This is extremely dangerous for accounts using Microsoft Outlook’s auto-open email feature. This could lead to data breaches, unauthorized access to systems, and other malicious activities.

What are the recommendations?

Barracuda MSP recommends the following actions to limit the impact of this Outlook RCE vulnerability:

  • Install Microsoft’s June Patch Tuesday security updates.
  • Use email filtering and monitoring solutions to help detect and block malicious emails before they reach end-users.
  • Report any suspicious emails with malicious attachments or unexpected content in the preview pane to your IT department.

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.

This post originally appeared on Smarter MSP.
