Morphisec Threat Labs researchers have disclosed a critical remote code execution (RCE) vulnerability, CVE-2024-30103, affecting Microsoft Outlook. This vulnerability, when exploited, can allow attackers to execute arbitrary code simply by opening an email, posing significant security risks.
Discovery
Morphisec researchers identified this severe vulnerability, which impacts most Microsoft Outlook clients, enabling attackers to execute arbitrary code on affected systems. CVE-2024-30103 is particularly alarming because it does not require any user interaction—execution is triggered as soon as the email is opened. This zero-click vulnerability is especially dangerous for accounts with the auto-open email feature enabled.
An attacker exploiting this vulnerability can execute code with the same privileges as the user, potentially leading to a full system compromise. The exploit can bypass Outlook registry block lists and enable the creation of malicious DLL files, which can result in data breaches and unauthorized access.
Morphisec's discovery process involved extensive fuzzing and reverse engineering of Microsoft Outlook's codebase. The team identified the specific conditions leading to the vulnerability and reported their findings to Microsoft, adhering to responsible disclosure protocols.
- April 3, 2024: Morphisec reported the vulnerability to Microsoft.
- April 16, 2024: Microsoft confirmed the vulnerability.
- June 11, 2024: Microsoft released a patch for CVE-2024-30103 as part of its Patch Tuesday updates.
Morphisec praised Microsoft for addressing the vulnerability swiftly, considering its severity and the complexity of the required patch.
Microsoft's security bulletin for the flaw underlines the critical nature of CVE-2024-30103, assigning it a CVSS score of 8.8 (base) / 7.7 (temporal). The vulnerability, classified under CWE-184 (incomplete list of disallowed inputs), can be exploited over the network with low attack complexity and no user interaction. The bulletin also notes that the Preview Pane is an attack vector for this vulnerability.
Urgent call to action
Morphisec urges all organizations to update their Microsoft Outlook clients immediately to mitigate the risk associated with this vulnerability. Given the high probability of exploitation, prompt action is crucial to safeguard systems and sensitive data.
To protect against CVE-2024-30103, it is essential to:
- Apply the latest security patches provided by Microsoft.
- Temporarily turn off the auto-open email feature on Outlook to reduce the risk of zero-click exploits.
- Implement security monitoring tools to detect and respond to any unusual behavior.
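As an added example that is not part of the Morphisec report or Microsoft's advisory, the following Python runs the kind of monitoring rule the last bullet calls for over constructed Sysmon-style file-create and image-load records: it flags the Outlook process writing a DLL, or loading a DLL from a user-writable path. The field names, the sample records, and the assumption that exploitation would surface as an Outlook-originated DLL write or load are assumptions made for this example, not details from the advisory.

```python
import re
from pathlib import PureWindowsPath

# Constructed Sysmon-style records (EventID 11 = FileCreate, 7 = ImageLoad),
# flattened to one "key=value" line each. Sample data written for this
# example, not real telemetry.
SAMPLE_EVENTS = [
    r"EventID=11 Image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE TargetFilename=C:\Users\alice\AppData\Local\Temp\form1.dll",
    r"EventID=11 Image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE TargetFilename=C:\Users\alice\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Autocomplete.dat",
    r"EventID=11 Image=C:\Windows\System32\msiexec.exe TargetFilename=C:\Program Files\Vendor\helper.dll",
    r"EventID=7 Image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE ImageLoaded=C:\Windows\System32\ole32.dll",
    r"EventID=7 Image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE ImageLoaded=C:\Users\alice\AppData\Local\Temp\form1.dll",
]

# Values may contain spaces ("Program Files"), so a value runs until the
# next " Key=" token or the end of the line.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line):
    """Turn one flattened record into a dict of field -> value."""
    return dict(FIELD_RE.findall(line))


def is_user_writable(path):
    # Assumption for this example: anything under a user profile is
    # treated as user-writable (AppData, Temp, Downloads, ...).
    return "\\users\\" in path.lower()


def evaluate(event):
    """Return an alert string if the record matches a rule, else None."""
    image = PureWindowsPath(event.get("Image", "")).name.lower()
    if image != "outlook.exe":
        return None
    if event.get("EventID") == "11":
        target = event.get("TargetFilename", "")
        if target.lower().endswith(".dll"):
            return f"outlook.exe wrote DLL {target}"
    elif event.get("EventID") == "7":
        loaded = event.get("ImageLoaded", "")
        if loaded.lower().endswith(".dll") and is_user_writable(loaded):
            return f"outlook.exe loaded DLL from user-writable path {loaded}"
    return None


def scan(lines):
    """Apply both rules to every record and collect the alerts."""
    alerts = []
    for line in lines:
        alert = evaluate(parse_event(line)) if line.strip() else None
        if alert:
            alerts.append(alert)
    return alerts
```

A legitimate Outlook cache write (the .dat record) and the installer writing a DLL produce no alert; only the two DLL events tied to the Outlook process do.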
Morphisec plans to release detailed technical information and a proof of concept for CVE-2024-30103 at the upcoming DEFCON 32 conference in Las Vegas. Additionally, the analysts will disclose some details about another yet-to-be-patched vulnerability.