An alert has been issued for individuals and the IT teams of organisations and government who use Microsoft Office Outlook products.
Background / What’s happened?
ASD’s ACSC is tracking a remote code execution vulnerability in Microsoft Office Outlook products.
CVE-2024-21413 refers to a vulnerability that exploits the Outlook preview pane as an attack vector.
Successful exploitation of this vulnerability would allow the threat actor to bypass the Office Protected View.
A threat actor who has successfully exploited this vulnerability could gain high privileges, including, read, write and delete functionality.
This vulnerability affects customers running the following Microsoft products:
- Microsoft Office 2016
- Microsoft Office LTSC 2021
- Microsoft 365 Apps for Enterprise
- Microsoft Office 2019
ASD’s ACSC is not aware of active exploitation of CVE-2024-21413 at this time.
Mitigation / How do I stay secure?
To stay secure, individuals and organisations should review their devices for use of vulnerable Microsoft Office products and refer to the Microsoft advisory.
Assistance / Where can I go for help?
ASD’s ACSC is monitoring the situation and is able to provide technical assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).
View this alert on the website: Microsoft Office Outlook Remote Code Execution Vulnerability | Cyber.gov.au