Outlook RCE vulnerability CVE-2024-30103 fixed in June 2024

With the security updates of June 11, 2024, Microsoft has also closed a critical vulnerability in Microsoft Outlook. The vulnerability CVE-2024-30103 allows remote code execution when opening an email. Patching is strongly recommended.


Security update for Outlook

In the blog post Office Updates (June 4, 2024), I pointed out the security updates for the June 2024 Patchday. The security update KB5002600 is available for Outlook 2016 (MSI version) and closes the RCE vulnerability CVE-2024-30103 (CVSS score 8.8, important). An attacker can exploit the vulnerability to execute code remotely on the system simply by having malicious content displayed in the Outlook preview.

However, the attacker must be authenticated with valid Exchange user credentials. According to Microsoft, an attacker who successfully exploits this vulnerability could bypass the Outlook registry block lists and enable the creation of malicious DLL files. However, Microsoft classifies this vulnerability as "rather unlikely to be exploited".

More details from Morphisec

The security researchers at Morphisec discovered the vulnerability and published more details about CVE-2024-30103 on June 11, 2024 in the blog post "You've Got Mail: Critical Microsoft Outlook Vulnerability Executes as Email is Opened". The vulnerability CVE-2024-30103 affects most Microsoft Outlook clients and allows remote code execution, i.e. attackers could execute arbitrary code on the affected systems. This can lead to possible data breaches, unauthorized access and other malicious activities, the security researchers write.

Interestingly, Morphisec comes to a completely different conclusion regarding exploitability, writing that "the CVE-2024-30103 vulnerability is of particular concern due to the high likelihood of exploitation". It is a zero-click vulnerability where the user does not have to interact with the content of a malicious email. It is sufficient to view the preview, which makes it extremely easy to execute malicious code.

Microsoft may classify the vulnerability as "not likely to be exploitable" because authentication with valid Exchange user credentials is required for the attack. Morphisec probably found the vulnerability by fuzzing and reverse engineering the Outlook code and reported it to Microsoft on April 3, 2024. On April 16, 2024, the vulnerability was confirmed by Microsoft and closed with the Office security updates on June 11, 2024.

