Cybersecurity experts at Morphisec discovered a serious vulnerability in Microsoft Outlook, which was assigned the identifier CVE-2024-38021. It allows remote code execution without user interaction, which exposes the system to unauthorized access.
The problem is believed to affect most versions of Microsoft Outlook. In the worst case, it can cause data leaks, unauthorized access, malicious code execution and other unpleasant consequences. Microsoft classified CVE-2024-38021 as a “high” risk, but noted that certain conditions are required for its exploitation. Cybersecurity experts recommend treating the vulnerability as “critical” and assuming that it is already being exploited by attackers.
Morphisec specialists discovered CVE-2024-38021 at the end of April and immediately reported it to Microsoft, which confirmed the discovery the next day. But it took the corporation until July 9 to release a security update that fixed the vulnerability. If you assume that the bug is already being exploited by hackers, you should act quickly: make sure that all Microsoft Outlook applications and the Office suite are updated to the latest versions, and install updates immediately upon release. It is also recommended to take additional measures to protect your Outlook account: set up authentication and disable automatic mail previews.