
Security researchers have discovered a serious issue in Outlook that puts you at risk even without you doing anything wrong.

Security researchers from Morphisec recently discovered a serious security hole in Outlook. Called CVE-2024-38021, this is a zero-click remote code execution (RCE) vulnerability that can allow unauthorized access to your system without a single click.

The issue apparently affects most Microsoft Outlook applications and doesn’t require any user authentication. In the worst-case scenario, CVE-2024-38021 can lead to data leaks, unauthorized access, execution of malicious code, and other dangers.

The lack of user authentication makes this vulnerability particularly dangerous and a high priority to address. Microsoft itself initially categorized this vulnerability as “high” risk, but assumed that the vulnerability could only be exploited in certain cases.

But the security researchers recommend treating this vulnerability as “critical” and assuming that it’s already being actively exploited.

CVE-2024-38021 was first discovered at the end of April and reported by Morphisec. Confirmation from Microsoft followed a day later. But it took until July 9 for Microsoft to finally roll out a security patch, which was made available as part of the Tuesday updates.

What you need to do now

Since the assumption is that attackers are already exploiting this security hole, you should act quickly.

Make absolutely sure that all Microsoft Outlook and Office applications on your systems are updated with the latest patches as soon as they’re available to you. Don’t put this off and risk forgetting about it.

It also makes sense to add further security measures to your Outlook account, especially if you use it for business. It’s best to set up authentication and deactivate automatic email previews if possible.