Check Point Research (CPR) has uncovered a critical security vulnerability, #MonikerLink (CVE-2024-21413), in Microsoft Outlook, raising concerns about the platform’s security. This flaw, with a CVSS score of 9.8, indicates critical severity and high exploitability, allowing attackers to execute arbitrary code on targeted devices. The vulnerability exploits the processing of “file://” hyperlinks by Outlook, revealing significant security implications, including system compromise, denial of service, and data breaches.
The exploitation of the #MonikerLink vulnerability misuses the Component Object Model (COM) on Windows, enabling unauthorized code execution and leaking of local NTLM credential information. By utilizing a user’s NTLM credentials, threat actors can execute arbitrary code through COM, connecting to a remote server controlled by the attacker. This compromise of authentication details may lead to code execution, bypassing the Protected View mode in Office applications. Check Point Research identified three attack vectors, including the “obvious” Hyperlink attack, “normal” attachment attack, and “advanced” Email Reading attack, emphasizing the breadth of potential threats.
Microsoft Outlook, a widely-used Microsoft Office app, has become a critical entry point for cyber threats. The vulnerability extends beyond Outlook, posing a significant risk to organizational security. CPR has confirmed the vulnerability in Microsoft 365 environments and reported it to the Microsoft Security Response Center, awaiting a response from Microsoft. Organizations and users are strongly advised to apply patches promptly, adhere to security practices, and exercise caution with suspicious emails to mitigate the potential impact of this critical security flaw.
