CVE-2024-21413

Analysis and mitigation of the Office Outlook vulnerability — CRITICAL (CVSS 9.8)

High-profile threat

Overview

Microsoft Outlook contains a remote code execution vulnerability caused by improper handling of email content. This vulnerability allows remote attackers to execute arbitrary code on a victim's system when the victim opens a malicious email message. The flaw exists in how Outlook processes certain email content types without proper validation. The vulnerability was disclosed on February 13, 2024. CISA has identified CVE-2024-21413 as exploited, but it is not currently known to be used in ransomware campaigns.

Technical details

CVE-2024-21413 is a critical remote code execution vulnerability in Microsoft Outlook that arises from improper handling of specially crafted email content. When a user opens a malicious email designed to exploit this vulnerability, the attacker's code can be executed with the privileges of the logged-in user. The vulnerability leverages inadequate input validation and sanitization of email message content, allowing attackers to inject and execute arbitrary code through malicious email payloads.

The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type), CWE-94 (Improper Control of Generation of Code ('Code Injection')) and CWE-79 (Improper Neutralization of Input During Web Page Generation).

The vulnerability received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H, indicating high severity.

Impact

Successful exploitation of CVE-2024-21413 allows remote attackers to execute arbitrary code on a victim's computer with the same privileges as the logged-in user. This can lead to complete system compromise, including unauthorized access to sensitive data, installation of malware, lateral movement within corporate networks, and potential business disruption. The vulnerability is particularly dangerous in enterprise environments where Outlook is widely deployed.

Mitigation and workarounds

Install the latest security update from Microsoft Update or Windows Update. For Outlook 2016, 2019, and 2021, apply the corresponding February 2024 security update. For Microsoft 365 subscribers, updates are deployed automatically. Users can manually check for updates via File > Office Account > Update Options > Update Now. The following versions include the necessary fixes: Outlook 2016 (16.0.5515 or later), Outlook 2019 (19.202.1232 or later), Outlook 2021 (Build 16.0.17928 or later), Microsoft 365 Apps (Version 2401 or later).

As temporary workarounds: disable the preview pane in Outlook to prevent automatic rendering of potentially malicious email content; this requires users to explicitly open emails in a full message window before any code execution can occur. Configure Outlook to display emails in the reading pane in plain text mode only, disabling HTML rendering; this prevents execution of embedded scripts and objects. Implement email filtering at the gateway level to block emails with suspicious characteristics or potentially malicious content types before they reach user inboxes. Use application whitelisting or strict AppLocker policies to prevent unauthorized code execution even if the vulnerability is triggered.
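The following PowerShell script is an added example and is not part of this report or of any Microsoft tooling. It checks two of the host-side measures described above on a Windows machine: whether the installed Outlook build meets a minimum patched build, and whether Outlook is configured to read all mail as plain text. It reads the standard Click-to-Run configuration key and the Outlook "ReadAsPlain" option/policy values; the default minimum build is the Outlook 2021 value quoted in this report and is an assumption about which Outlook channel the host runs, so adjust it to the build that applies to your deployment.

```powershell
# Added example (not from the original report). Verifies the patch level and
# the plain-text reading workaround for CVE-2024-21413 on the local host.

function Get-OutlookBuild {
    # Click-to-Run installs record the reported Office version here.
    $c2r = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    $v = (Get-ItemProperty -Path $c2r -Name VersionToReport -ErrorAction SilentlyContinue).VersionToReport
    if ($v) { return [version]$v }

    # MSI installs: fall back to the file version of the registered OUTLOOK.EXE.
    $appPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE'
    $exe = (Get-ItemProperty -Path $appPath -ErrorAction SilentlyContinue).'(default)'
    if ($exe -and (Test-Path $exe)) {
        return [version](Get-Item $exe).VersionInfo.FileVersion
    }
    return $null
}

function Test-OutlookReadAsPlain {
    # ReadAsPlain = 1 renders every message as plain text. The policy key
    # (written by Group Policy) takes precedence over the user option key.
    $keys = @(
        'HKCU:\Software\Policies\Microsoft\Office\16.0\Outlook\Options\Mail',
        'HKCU:\Software\Microsoft\Office\16.0\Outlook\Options\Mail'
    )
    foreach ($key in $keys) {
        $p = Get-ItemProperty -Path $key -Name ReadAsPlain -ErrorAction SilentlyContinue
        if ($null -ne $p) { return ([int]$p.ReadAsPlain -eq 1) }
    }
    return $false
}

function Test-OutlookMitigation {
    param(
        # Assumption: Outlook 2021 patched build as listed in this report.
        [version]$MinimumBuild = '16.0.17928',
        # When set, enables plain-text reading via the policy key if it is off.
        [switch]$EnforcePlainText
    )

    $build = Get-OutlookBuild
    $plain = Test-OutlookReadAsPlain

    if ($EnforcePlainText -and -not $plain) {
        $policy = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Outlook\Options\Mail'
        New-Item -Path $policy -Force | Out-Null
        New-ItemProperty -Path $policy -Name ReadAsPlain -PropertyType DWord -Value 1 -Force | Out-Null
        $plain = Test-OutlookReadAsPlain
    }

    [pscustomobject]@{
        InstalledBuild  = $build
        MinimumBuild    = $MinimumBuild
        BuildIsPatched  = ($null -ne $build -and $build -ge $MinimumBuild)
        ReadAsPlainText = $plain
    }
}

# Report only; add -EnforcePlainText to apply the plain-text workaround for
# the current user until the security update is installed.
Test-OutlookMitigation | Format-List
```

The plain-text setting is a per-user value, so in a managed environment it is normally pushed through Group Policy rather than this script; the script's enforcement path writes the same policy key, which is useful for a quick interim rollout while the update is being deployed. Note that reading as plain text removes formatting from all messages, so treat it as a stopgap and remove it once every host reports BuildIsPatched as True.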

CISA recommendation: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Source: This report was generated by AI

Related Microsoft vulnerabilities

No related vulnerabilities with identified affected products.