On June 11, this month's 'Patch Tuesday', Microsoft released updates addressing 51 vulnerabilities, including one in its widely deployed email client, Outlook. The issue, designated CVE-2024-30103 and scored CVSS 8.8/10, is a remote code execution (RCE) flaw in how Outlook processes a specially crafted email. The score reflects a network-reachable flaw requiring low privileges and no user interaction: Microsoft lists the Preview Pane as an attack vector, so the recipient does not need to click a link or open an attachment for the crafted content to be processed.
While Microsoft has stated it isn't aware of CVE-2024-30103 being exploited in the wild, researchers are concerned that its ease of exploitation will increase the likelihood that threat actors leverage the vulnerability to gain initial access to targeted accounts and the hosts running Outlook.
Source: The Hacker News
Analysis
Field Effect can confirm that at least one exploit for CVE-2024-30103 is publicly available online and other researchers have signalled their intention to release their own exploits soon.
Outlook's popularity and widespread use give threat actors a large attack surface. Just last month, the hacking wing of Russia's Main Intelligence Directorate (GRU), tracked as APT28, was publicly attributed with abusing a different Outlook vulnerability, CVE-2023-23397, against German and Czech organizations to gain unauthorized access to several email accounts. That earlier flaw, in Outlook's handling of a crafted reminder property, leaked the victim's Net-NTLMv2 hash to an attacker-controlled host and likewise required no user interaction, which shows how quickly zero-interaction Outlook bugs are put to use.
Given the availability of at least one trivial exploit and the fact that the vulnerability doesn’t require user interaction to be exploited, it’s highly likely threat actors will attempt to use CVE-2024-30103 against unpatched versions of Outlook.
To reduce the threat posed by CVE-2024-30103, users and network administrators should install the updates from Patch Tuesday as soon as possible.
Mitigation
Field Effect's team of Security Intelligence professionals constantly monitors the cyber threat landscape for vulnerabilities discovered in software like Outlook. This research contributes to the timely deployment of signatures into Field Effect MDR to detect and mitigate exploitation of these vulnerabilities. Field Effect MDR users were automatically notified if a vulnerable version of Outlook was detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.
Field Effect strongly encourages users of the affected Outlook versions to update to the latest version as soon as possible, in accordance with Microsoft’s advisory.
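Before and after rolling out the update, an administrator will want to know which hosts still run a pre-fix Outlook build. The PowerShell script below is an added example for this page, not Field Effect's tooling and not taken from Microsoft's advisory: it inventories the installed Outlook build on one or more Windows hosts and flags any build below a minimum patched build. The minimum build is deliberately a parameter rather than a hard-coded value, because fixed builds differ per Office update channel and this page does not list them; look up the build for the channel in use in Microsoft's CVE-2024-30103 advisory and pass it in. The registry locations read are the standard App Paths entry for OUTLOOK.EXE and the Click-to-Run Configuration key; remote hosts are reached over PowerShell Remoting, which must be enabled.

```powershell
<#
Check-OutlookBuild.ps1 (added example, not Field Effect's tooling)

Reports the installed Outlook build on one or more hosts and flags any build
below the minimum patched build. The minimum build is deliberately not
hard-coded: fixed builds differ by Office update channel, so look it up in
Microsoft's CVE-2024-30103 advisory for the channel your fleet uses and pass
it with -MinimumPatchedBuild. Remote hosts need PowerShell Remoting enabled.
#>
param(
    # Lowest build that contains the fix for the channel being checked,
    # copied from the advisory (e.g. 16.0.NNNNN.NNNNN).
    [Parameter(Mandatory = $true)]
    [version]$MinimumPatchedBuild,

    # Hosts to check; defaults to the local machine.
    [string[]]$ComputerName = @($env:COMPUTERNAME)
)

# Runs on each target and collects the facts the decision needs.
$collector = {
    $result = [ordered]@{
        Computer = $env:COMPUTERNAME
        Path     = $null
        Build    = $null
        Channel  = $null
    }

    # Windows records the installed Outlook binary under App Paths.
    $appPaths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE'
    $exe = (Get-ItemProperty -Path $appPaths -ErrorAction SilentlyContinue).'(default)'

    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $result.Path = $exe
        # FileVersion is a string such as "16.0.17628.20164"; keep only the
        # numeric prefix so it casts cleanly to [version] for comparison.
        $raw = (Get-Item -LiteralPath $exe).VersionInfo.FileVersion
        if ($raw -match '^\d+(\.\d+){1,3}') { $result.Build = [version]$Matches[0] }

        # Click-to-Run (Microsoft 365 Apps) installs record their update channel
        # here; MSI-based Office installs have no such key.
        $c2r = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration' `
                                -ErrorAction SilentlyContinue
        if ($c2r) {
            $result.Channel = $c2r.UpdateChannel
            if (-not $result.Build -and $c2r.VersionToReport) {
                $result.Build = [version]$c2r.VersionToReport
            }
        }
        else {
            $result.Channel = 'MSI'
        }
    }
    [pscustomobject]$result
}

$report = foreach ($computer in $ComputerName) {
    $facts = if ($computer -eq $env:COMPUTERNAME) {
        & $collector
    }
    else {
        Invoke-Command -ComputerName $computer -ScriptBlock $collector
    }

    # Three outcomes matter to an administrator: no Outlook to patch, a build
    # that could not be read (check by hand), or a build older than the fix.
    $status = if (-not $facts.Path)                          { 'NoOutlook' }
              elseif (-not $facts.Build)                     { 'Unknown' }
              elseif ($facts.Build -lt $MinimumPatchedBuild) { 'VULNERABLE' }
              else                                           { 'Patched' }

    [pscustomobject]@{
        Computer = $facts.Computer
        Channel  = $facts.Channel
        Build    = $facts.Build
        Minimum  = $MinimumPatchedBuild
        Status   = $status
    }
}

$report | Sort-Object Status | Format-Table -AutoSize
```

Run the script once per Office update channel, passing that channel's fixed build, since a Current Channel build number says nothing about whether a Semi-Annual Channel or MSI install is patched. Hosts reported as Unknown have an Outlook binary whose version string could not be parsed and should be inspected manually rather than assumed safe.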