Outlook and Hotmail email security updates

If your organization is using Microsoft Outlook you need to patch now, as Proof of Concept exploits for the #MonikerLink #RCE vulnerability are now available. MonikerLink is a vulnerability specific to Microsoft COM APIs, published last week by CheckPoint. The current Outlook vulnerability has been assigned serial number CVE-2024-21413 and has CVSS 9.8, but CheckPoint hints that there may be other similar ways to exploit COM APIs. As this is being written I am looking at a proof of concept for MonikerLink published on GitHub by a researcher. The vulnerability is as simple as adding "!something" to a hyperlink in an email, and it is triggered in the preview pane, with no user interaction needed. The screenshot below shows a WireShark capture, provided by the researcher mentioned above, in which NTLM local credentials are being sent to a remote network address, as a result of this exploit being activated on a vulnerable Outlook client. Although Microsoft rates this vulnerability as "exploitation unlikely", you should assume that sophisticated threat actors are already using this exploit and harvesting the leaked NTLM local credentials. What can be done about this? 1. Apply the official patch from Microsoft, released last Tuesday. 2. Consider email filtering software, to scan for suspicious links. 3. Block outbound SMB connections from leaving your corporate network. Note: this vulnerability should not be confused with the current Exchange server vulnerability designated CVE-2024-21410, also a CVSS 9.8, which also causes leaking of NTLM local credentials - what a week!

🚨[High] POC for Critical Zero-Click Vulnerability in Microsoft Outlook (CVE-2025-21298) Uncovered A critical zero-click remote code execution (#RCE) vulnerability, identified as CVE-2025-21298, has been discovered in Microsoft Outlook's handling of Object Linking and Embedding (OLE) objects. This flaw allows attackers to execute arbitrary code without user interaction, posing a significant threat to users and organizations. The issue resides in the `ole32.dll` component, specifically within the `UtOlePresStmToContentsStm` function. A double-free condition occurs due to improper handling of the `pstmContents` pointer during cleanup, leading to memory corruption. An attacker can exploit this vulnerability by sending a specially crafted Rich Text Format (RTF) email containing embedded OLE objects. When the email is received, Outlook processes the malicious OLE content, triggering the vulnerability without any user interaction. A proof-of-concept (PoC) demonstrating the memory corruption has been released, highlighting the ease with which this vulnerability can be exploited. The PoC is available on GitHub for further examination. Impact: Given the zero-click nature of this vulnerability, an attacker can compromise a system merely by sending a malicious email, without requiring the recipient to open or interact with it. This could lead to unauthorized access, data exfiltration, and potential lateral movement within a network. Patch: Microsoft has addressed this vulnerability in the January 2025 Patch Tuesday updates. Users and administrators are strongly advised to apply the latest security patches promptly to mitigate potential exploitation. Recommendations: 1. Immediate Patching: Ensure all systems running Microsoft Outlook are updated with the latest security patches. 2. Disable RTF Previews: As a temporary measure, consider disabling RTF previews in Outlook to prevent automatic processing of malicious content. Links and sources in the comments! #CyberSecurity #MicrosoftOutlook #ZeroClick #RCE #CVE202521298 #infosec

New Outlook rules take effect today & Microsoft will begin rejecting / bouncing emails from domains that lack proper authentication. If your domain isn’t set up with SPF, DKIM, and DMARC, your emails may not reach any Outlook, Hotmail, or Live users. This is especially critical for anyone sending emails to more than 5,000 recipients at once. Initially, Microsoft announced that unauthenticated emails would be filtered into spam. However, last week they changed course and decided to enforce rejections right from the start. As a result, many companies will likely see more rejected / bounced emails, flagged with the 550 5.7.515 error code. Whatever system you use for mail distribution, make sure your domain is properly authenticated with their infrastructure. Even if you think it is, it's worth double-checking the authentication settings and analyzing your #DMARC reports from the past month to ensure all existing mail streams are properly configured. #Microsoft #EmailDeliverability

🚨 Microsoft Patches Critical Outlook Zero-Click RCE Vulnerability CVSS: 9.8 🚨 Microsoft has released an urgent security patch to address CVE-2025-21298, a critical zero-click remote code execution (RCE) vulnerability in Outlook. This flaw allows attackers to execute arbitrary code simply by sending a malicious email—no user interaction required. 💡 Key Details: ▪️ Severity: CVSS score of 9.8 (Critical) ▪️ Vulnerability Type: Use After Free (CWE-416) ▪️ Impact: High risk to confidentiality, integrity, and availability ▪️ Exploitability Assessment: Exploitation More Likely 📢 Although this vulnerability hasn’t been publicly exploited yet, Microsoft has flagged its exploitability as “more likely.” Don’t wait until it’s too late—act now to secure your systems. 🔒 How to Protect Yourself: 1️⃣ Update Outlook: Install Microsoft’s latest security patch immediately. 2️⃣ Email Settings: Switch to viewing emails in plain text format to reduce risks. 3️⃣ Be Cautious: Avoid opening RTF files or attachments from unknown sources. 👉 Stay proactive in protecting your systems—update your Outlook now to defend against this high-severity vulnerability. For more information: 📌 Official Microsoft advisory: https://lnkd.in/dwtWbRZu #Cybersecurity #Microsoft #Outlook #ZeroClickExploit #PatchNow

A critical 0-day vulnerability (CVE-2024-30103) has been discovered in Microsoft Outlook that allows attackers to execute malicious code by simply opening an email link to the article. This vulnerability exploits a flaw in the allow-listing mechanism, enabling attackers to manipulate registry paths to point to malicious executables. Here's a technical breakdown of the vulnerability: * The vulnerability resides in the allow-listing mechanism, which fails to validate form server properties. * Attackers can exploit this flaw to manipulate registry paths to point to malicious executables stored in the AppData\Local\Forms folder. Fortunately, Microsoft has addressed this vulnerability by: * Revising the allow-listing matching algorithm to ensure proper validation. * Implementing significant enhancements to the denylist for added protection. Here are some actionable steps you can take to mitigate this risk: * Ensure all systems have the latest security patches installed, including the patch for CVE-2024-30103. * Educate users on best practices for email security, such as caution against opening emails from unknown senders and avoiding suspicious attachments. * Implement additional security measures such as email filtering and endpoint detection and response (EDR) solutions. By following these recommendations, you can significantly reduce the risk of falling victim to this 0-day vulnerability. Let's stay vigilant and keep our systems safe! #cybersecurity #outlookemail #vulnerability #cve #0day #infosec #phishing https://lnkd.in/g6Pkut4c

Critical Microsoft Outlook RCE Vulnerability Now Exploited ⚠️ - A newly exploited remote code execution (RCE) vulnerability in Microsoft Outlook (CVE-2024-21413) allows attackers to bypass Protected View and execute malicious code via specially crafted email links. - 🔍 What’s the Risk? ⭕ Attackers exploit this flaw using the file:// protocol with a Moniker Link trick, bypassing built-in Outlook protections. ⭕Even previewing a malicious email can trigger the exploit. ⭕Affected versions include Microsoft Office LTSC 2021, Microsoft 365 Apps, Outlook 2016, and Office 2019. - 💡 Mitigation Steps: ✅ Apply Microsoft’s security patches immediately. ✅ Block outbound NTLM authentication to prevent credential theft. ✅ Disable automatic preview in Outlook to minimize exposure. - 📢 Attackers are actively exploiting this flaw—ensure your Outlook security is up to date! #CyberSecurity #Microsoft #Outlook #ThreatIntelligence #RCE