Critical Security Flaw Discovered in Microsoft Outlook

Researchers from Morphisec have uncovered a severe security vulnerability in Microsoft Outlook, designated CVE-2024-38021. This zero-click remote code execution (RCE) flaw allows unauthorized access to your system without any user interaction. Affecting most versions of Outlook, this issue doesn’t require user authentication and poses significant risks, including potential data breaches, unauthorized access, and the execution of malicious code.

Initially deemed “high” risk by Microsoft, the vulnerability has now been reclassified as “critical” by security experts, who advise that it may already be under active exploitation. The flaw was discovered in late April and reported by Morphisec, and Microsoft confirmed the issue the following day. However, a security patch was only released on July 9, as part of the regular updates.

What You Should Do Immediately

Given the potential for ongoing exploitation, it’s crucial to update all Microsoft Outlook and Office applications with the latest patches without delay. Additionally, enhance your Outlook account security by implementing multi-factor authentication and disabling automatic email previews where possible.