The Cybersecurity and Infrastructure Security Agency, part of the U.S. Department of Homeland Security, has only just urgently recommended applying a patch to fix a zero-day Linux kernel vulnerability. Now it has issued another warning, this time for a critical security vulnerability that it says is under active exploitation and that impacts Microsoft Outlook users. With Microsoft already under the microscope over an account takeover authentication bypass threat and an earlier Outlook infostealer alert, this is not the time to be ignoring such warnings. Here’s what you need to know and do.
CVE-2024-21413 Explained—The Critical Outlook Vulnerability Now Being Exploited By Hackers
The critical Microsoft Outlook vulnerability at the heart of this new and urgent CISA attack warning is not, itself, new. In fact, it’s almost exactly a year old, having first been reported by Check Point security researchers on Feb. 14, 2024. CVE-2024-21413, also known as Moniker Link, enables an attacker to bypass protected view protections in Office files and open malicious documents in Microsoft Outlook. It’s critical because it can then allow the hackers to remotely execute code, with all the consequences that brings for the compromised device.
Microsoft, for its part, issued a patch to fix the issue at the time. So, what’s the big deal, and why is the Department of Homeland Security involved now? Quite simply, according to a Feb. 6 CISA security advisory, the agency now has evidence of active exploitation of this Microsoft Outlook improper input validation vulnerability. In other words, hackers are attacking.
What Do Outlook Users Need To Do?
The good news is that if you have applied all the Windows security updates that arrive every Patch Tuesday, the answer to the question in the sub-heading is nothing. You are already protected from these attacks. However, Binding Operational Directive (BOD) 22-01 dictates that any federal agency that hasn’t done so must make its systems safe within three weeks. That doesn’t let lazy organizations off the hook though, as CISA has “strongly urged” all organizations to “reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice.”
In other words, if you use Outlook then patch now if you haven’t already. I have approached Microsoft for a statement.