Priya PatelTLDR:
- An alert has been issued for a remote code execution vulnerability in Microsoft Office Outlook products known as CVE-2024-21413.
- The vulnerability exploits the Outlook preview pane as an attack vector, allowing threat actors to gain high privileges.
An alert has been issued by ASD’s ACSC for individuals and IT teams using Microsoft Office Outlook products due to a remote code execution vulnerability. The vulnerability, known as CVE-2024-21413, exploits the Outlook preview pane as an attack vector, allowing threat actors to bypass the Office Protected View and gain high privileges. The affected Microsoft products include Microsoft Office 2016, Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, and Microsoft Office 2019. ASD’s ACSC is monitoring the situation and recommends reviewing devices for vulnerable Microsoft Office products and referring to the Microsoft advisory for mitigation. Organizations or individuals impacted can contact ACSC for technical assistance and advice.
