Threat update

A recent Microsoft Outlook client zero-click remote code execution (RCE) vulnerability, CVE-2024-30103, has a CVSS score of 8.8. 

Technical Detail and Additional Info

What is the threat?

CVE-2024-30103 allows attackers to run arbitrary code without any interactions by the users. Once the malicious email is opened, it triggers a buffer overflow, which allows the attacker to execute arbitrary code with the same privileges as the user running Outlook. This can lead to a full system compromise, data theft, or further propagation of malware within a network. 

Why is it noteworthy?

The attack complexity of this vulnerability is low and exploitation over the network is possible. When the recipient opens the malicious email, the exploit is triggered. The attacker would need to be authenticated using valid Exchange user credentials. From there, attackers would need to find a privilege escalation flaw to take over a system fully. 

What is the exposure or risk?

Many email users utilize Outlook to read their emails. Outlook 2016, Office LTSC 2021, 365 Apps for Enterprise, and Office 2019 are affected. This vulnerability is severe due to its zero-click nature. Opening the malicious email in Outlook's preview pane is all that is needed to allow an attacker access to the network. This is extremely dangerous for accounts using Microsoft Outlook's auto-open email feature. This could lead to data breaches, unauthorized access to systems, and other malicious activities. 

What are the recommendations?

 LBT Technology Group recommends the following actions to limit the impact of this Outlook RCE vulnerability:

• Install Microsoft's June Patch Tuesday security updates.
• Use email filtering and monitoring solutions to help detect and block malicious emails before they reach end-users.
• Report any suspicious emails with malicious attachments or unexpected content in the preview pane to your IT department.

References

 For more in-depth information about the recommendations, please visit the following links:

• https://cybersecuritynews.com/microsoft-outlook-zero-click-rce-flaw/
• https://www.securityweek.com/microsoft-patches-zero-click-outlook-vulnerability-that-could-soon-be-exploited/
• https://www.csoonline.com/article/2144119/microsoft-fixes-dangerous-zero-click-outlook-remote-code-execution-exploit.html

If you have any questions, please contact LBT's Sales Engineer.