Microsoft Outlook Execution Vulnerability
The Australian Government Cyber Securities division has released an alert. This security risk involves almost all versions of Microsoft Office from version 2016 onwards, including the 365 variant.
Background / What has happened?
ASD’s ACSC is tracking a remote code execution vulnerability in Microsoft Office Outlook products.
CVE-2024-21413 refers to a vulnerability that exploits the Outlook preview pane as an attack vector.
Successful exploitation of this vulnerability would allow the threat actor to bypass the Office Protected View.
A threat actor who has successfully exploited this vulnerability could gain high privileges, including read, write and delete functionality.
This vulnerability affects customers running the following Microsoft products:
Microsoft Office 2016
Microsoft Office LTSC 2021
Microsoft 365 Apps for Enterprise
Microsoft Office 2019
ASD’s ACSC is not aware of active exploitation of CVE-2024-21413 at this time.
Mitigation / How do I stay secure?
To stay secure, individuals and organisations should review their devices for use of vulnerable Microsoft Office products and refer to the Microsoft advisory.
Assistance / Where can I go for help?
If you are an Australian-based business and need our assistance assessing and patching your Office products, please contact us: https://www.triad.net.au/contact-us
For further details on this security risk, please see the ASD's ACSC alert: https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/microsoft-office-outlook-remote-code-execution-vulnerability