Prime Highlights
- Microsoft fixed a critical zero-click vulnerability in Outlook that enabled remote code execution with no user action.
- The bug, assigned CVE-2024-30103, was exploitable through specially crafted emails that abuse Outlook Forms.
Key Facts
- The bug has a CVSS rating of 8.8 and was found by security researchers at Morphisec.
- Attackers can trigger the vulnerability when a message is rendered in the Preview Pane or opened automatically, with no click required from the user.
- It affects various versions of Outlook, such as Outlook 2016, Office 2019, LTSC 2021, and Microsoft 365 Apps.
Key Background
In June 2024, Microsoft patched a zero-click vulnerability in Microsoft Outlook that allowed attackers to execute code remotely without user interaction. Identified as CVE-2024-30103, the bug was discovered by Morphisec and is considered particularly hazardous because it can be triggered simply by receiving or previewing a malicious email.
The vulnerability lies in how Outlook processes specially formatted email forms. Outlook uses a registry-based allow-listing mechanism to decide which components are safe to execute. Attackers discovered a way to circumvent this check with malformed registry key names: by introducing trailing backslashes or other special characters into COM component paths, malicious components could slip past the security filter.
This attack method exploits how Windows handles registry keys through APIs such as RegCreateKeyExA. The API silently strips certain characters, so Outlook mistakes the malicious registry path for a legitimate one. An attacker can therefore embed a malicious COM object in an email. When the email is previewed or opened, Outlook loads the malicious form and the attacker gains arbitrary code execution in the context of the Outlook user.
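The flaw class described above is a normalization mismatch: the filter judges the component path as a raw string, while the registry resolves that same string after normalizing it. The following is an added example (not Microsoft's or Morphisec's code) that models this mismatch and a hardened check; canonical_key() is an assumed, simplified model of registry name resolution, and the CLSID in the sample list is a constructed placeholder.

```python
from typing import Iterable, Optional

SEP = "\\"


def canonical_key(path: str) -> str:
    """ASSUMED simplified model of how the registry resolves a key name:
    empty components from trailing or doubled backslashes vanish, and key
    names are compared case-insensitively. Not a spec of RegCreateKeyExA."""
    parts = [p for p in path.split(SEP) if p]
    return SEP.join(parts).lower()


def naive_listed(path: str, listed: Iterable[str]) -> bool:
    """The flawed filter: exact string membership on the raw path."""
    return path in set(listed)


def resolved_listed(path: str, listed: Iterable[str]) -> bool:
    """What the registry actually lands on: membership after normalization."""
    return canonical_key(path) in {canonical_key(p) for p in listed}


def check_disagrees(path: str, listed: Iterable[str]) -> bool:
    """True when the string filter and the registry reach different answers,
    i.e. when a list decision taken on the raw string cannot be trusted."""
    return naive_listed(path, listed) != resolved_listed(path, listed)


def hardened_listed(path: str, listed: Iterable[str]) -> Optional[bool]:
    """Hardened filter: decide on the canonical form, and refuse to decide at
    all (None) when the input is not already canonical, so the path the
    filter judged is exactly the path the registry would open."""
    if canonical_key(path) != path.lower():
        return None  # non-canonical spelling: reject before the registry sees it
    return resolved_listed(path, listed)


# Constructed sample list with a placeholder CLSID (not a real component).
LISTED = {"CLSID\\{00000000-0000-0000-0000-00000000aaaa}\\InprocServer32"}

if __name__ == "__main__":
    variant = "CLSID\\{00000000-0000-0000-0000-00000000aaaa}\\InprocServer32\\"
    print("naive:", naive_listed(variant, LISTED))        # False
    print("resolved:", resolved_listed(variant, LISTED))  # True
    print("hardened:", hardened_listed(variant, LISTED))  # None
```

The same pattern applies to any security decision keyed on an identifier that another layer normalizes (file paths, URLs, hostnames): canonicalize first, then compare.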
Because of its stealthy nature, the flaw is quite risky, particularly in enterprise environments where Outlook is commonplace. It could be used to deliver malware, exfiltrate sensitive information, or move further into an organization.
Microsoft’s patch, part of the June 2024 Patch Tuesday release, corrects the registry key checking logic to prevent exploitation. Customers and organizations are strongly advised to apply this update immediately.
As further measures, users can turn off automatic email previews and deploy advanced threat detection systems. Increased awareness of email-based attacks and strict patching policies remain vital in countering such zero-click attacks.