This alert has been written for individuals and the IT teams of organisations and government who use Microsoft Office Outlook products.
CVE-2024-21413 refers to a vulnerability that exploits the Outlook preview pane as an attack vector.
Successful exploitation of this vulnerability would allow the threat actor to bypass the Office Protected View.
A threat actor who has successfully exploited this vulnerability could gain high privileges, including, read, write and delete functionality.
This vulnerability affects customers running the following Microsoft products:
- Microsoft Office 2016
- Microsoft Office LTSC 2021
- Microsoft 365 Apps for Enterprise
Mitigation / How do I stay secure?
To stay secure, individuals and organisations should review their devices for use of vulnerable Microsoft Office products and refer to the Microsoft advisory.
Tuesday, March 5, 2024