A new Outlook remote code execution vulnerability has been discovered and is being tracked as CVE-2024-30103. Exploitation only requires a user to open the email, at which point the potentially malicious code is executed. This is especially concerning given Outlook’s ability to automatically open email, and given that the general guidance for phishing/malicious emails has been to not interact with attachments or links.
Additionally, this attack appears to be fairly straightforward, which lowers the threshold for attackers to use what is likely a very effective method. Surprisingly, the CVSS score for this vulnerability isn’t as high as we would expect, coming in at 8.8. Combine the ease of attack with the seemingly low-risk activity of just opening an email and you have a recipe for disaster in initial access attacks.
The good news is that Microsoft has issued a patch for this vulnerability, and it has been included in the patches released on June 11th. Unfortunately, many organizations do not patch Outlook automatically, so security professionals should verify that this patch has been applied to all Outlook users as quickly as possible.
Patch this vulnerability ASAP, and if you have any concerns that your organization has been impacted by an attack utilizing this method, initiate a threat hunt immediately.
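One way to verify that the patch has been applied across a set of hosts is to audit the installed Office build on each one. The script below is an added example, not part of the original post or of Microsoft's guidance. It assumes Click-to-Run (Microsoft 365 Apps) installs and PowerShell remoting for remote hosts, and the script name, parameter names and status strings are illustrative. The fixed build is deliberately a mandatory parameter because the post does not state it: take it from the MSRC advisory for your update channel.

```powershell
# Test-OutlookBuild.ps1 (illustrative name): audit the Office/Outlook build per host.
# Usage: .\Test-OutlookBuild.ps1 -MinimumFixedBuild <build from MSRC> -ComputerName pc1,pc2
param(
    # Fixed build for YOUR update channel, from the MSRC advisory for CVE-2024-30103.
    # No default on purpose: a guessed value would report false "Patched" results.
    [Parameter(Mandatory)] [version] $MinimumFixedBuild,
    [string[]] $ComputerName = @($env:COMPUTERNAME)
)

# Runs on each host: read the version that Click-to-Run Office reports for itself.
$probe = {
    $key = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).VersionToReport
}

$results = foreach ($computer in $ComputerName) {
    $installed = $null
    try {
        $installed = if ($computer -eq $env:COMPUTERNAME) { & $probe } else {
            Invoke-Command -ComputerName $computer -ScriptBlock $probe -ErrorAction Stop
        }
        $parsed = [string]$installed -as [version]
        $status =
            if (-not $installed)                   { 'NoClickToRun' }  # MSI install or no Office: check installed updates instead
            elseif (-not $parsed)                  { 'Unparseable' }
            elseif ($parsed -lt $MinimumFixedBuild) { 'BelowFixedBuild' }
            else                                   { 'Patched' }
    } catch {
        # Host offline or remoting disabled: treat as unverified, never as patched.
        $status = "Unreachable: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Computer  = $computer
        Installed = [string]$installed
        Required  = $MinimumFixedBuild.ToString()
        Status    = $status
    }
}

$results | Sort-Object Status, Computer | Format-Table -AutoSize

# Non-zero exit when any host could not be confirmed as patched, for use in automation.
if ($results | Where-Object Status -ne 'Patched') { exit 1 }
```

Because the fixed build differs between update channels, run the script once per channel with that channel's build. Hosts reported as `NoClickToRun` or `Unreachable` still need to be verified by other means.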
References:
https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30103
