Critical Outlook RCE Vulnerability Exploits Preview Pane


A recently discovered vulnerability in Microsoft Outlook, designated CVE-2024-30103, exposes users to remote code execution (RCE) attacks, potentially granting attackers complete control over affected systems.

The flaw was identified by Morphisec Threat Labs researchers Michael Gorelik and Shmuel Uzan in April 2024. 

Exploitation of CVE-2024-30103 involves an attacker who holds valid MS Exchange user credentials sending a specially crafted email, which triggers the exploit when opened and executes arbitrary code.

What makes it particularly dangerous is its zero-click nature. Unlike traditional phishing attempts that require user interaction, this vulnerability can be exploited simply by opening a malicious email. This significantly increases the attack surface, as unsuspecting users don’t even need to click a malicious link or attachment for their system to be compromised.

This flaw impacts “most” MS Outlook clients and spreads from user to user.

“This Microsoft Outlook vulnerability can be circulated from user to user and doesn’t require a click to execute. Rather, execution initiates when an affected email is opened. This is notably dangerous for accounts using Microsoft Outlook’s auto-open email feature,” read Morphisec’s research, shared with Hackread.com ahead of publication on Tuesday.

Morphisec’s analysis reveals that the vulnerability lies in Microsoft Outlook’s processing of certain email components. Microsoft confirmed that the Preview Pane, a feature that displays email content without requiring users to download attachments, is a potential attack vector. When the malicious email is opened, it triggers a buffer overflow, allowing the attacker to execute code with the same privileges as the user running Outlook.

This can lead to system compromise, data theft, or further malware propagation, because it allows attackers to bypass Outlook registry block lists and create malicious DLL files. These files could then be used for DLL hijacking. The lack of user interaction and the straightforward nature of the flaw make it easier for adversaries to exploit this vulnerability for initial access.

The good news is that Microsoft patched this vulnerability in June’s Patch Tuesday, and organizations are advised to update MS Outlook clients immediately to prevent exploitation.

Morphisec will unveil technical details and POC for CVE-2024-30103 at the DEFCON 32 conference in Las Vegas.
