Microsoft closes easily exploitable vulnerability in Outlook
In its June Patch Tuesday update, Microsoft patched a critical vulnerability in Outlook, among other things. The remote code execution flaw can be exploited without requiring user interaction.
The vulnerability in question, tracked as CVE-2024-30103, was discovered by researchers from security company Morphisec. The flaw allows attackers to execute arbitrary code on affected systems, which can lead to data breaches, unauthorized access to systems and other malicious activity. The code runs with the same privileges as the affected user, which the researchers say could potentially lead to the entire system being taken over.
Attackers can exploit the flaw by sending a malicious email. According to the researchers, the vulnerability is especially dangerous because no user interaction is required for exploitation: opening the malicious email is enough. “This is particularly dangerous for accounts that use Microsoft Outlook's auto-open feature,” the researchers said. “This lack of required user interaction, combined with the straightforward nature of the exploit, increases the likelihood that attackers will exploit this vulnerability for initial access.” The researchers recommend installing the patch released by Microsoft as soon as possible.
Microsoft patched 51 vulnerabilities with its June Patch Tuesday update, one of which is considered critical. The rest, including CVE-2024-30103, are classified as important. The full list of patched vulnerabilities can be found on Microsoft's website.