🟢 CVE-2024-21413

This Microsoft Outlook remote code execution vulnerability affects client email applications, not server infrastructure. Despite the critical CVSS score and CISA KEV listing, exploitation requires phishing or social engineering to deliver malicious content to Outlook clients; servers are not directly exploitable from the internet.

Risk Level: LOW_RISK

CVSS Score: 9.8

Attack Vector: NETWORK

ATT&CK Tactic: Execution

ATT&CK Technique: T1203 — Exploitation for Client Execution

Deployment Risk: VERY_LOW

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: PHISHING

CVE Published: 2024-02-13

Added to CISA KEV: 2025-02-06 (359 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-21413 is a critical security vulnerability in Microsoft Outlook, often referred to as the "Moniker Link" bug [2]. It was disclosed in February 2024 and is classified as an improper input validation vulnerability [1].

Key Details

Vulnerability Type: Improper Input Validation (Remote Code Execution)

CVSS Score: 9.8 (Critical) [4]

Status: Patched; included in CISA’s Known Exploited Vulnerabilities (KEV) Catalog [5]

Exploitation and Attack Method

  • Active Exploitation: The vulnerability was observed being exploited in the wild as a zero-day prior to its disclosure [1].
  • Attack Method: Attackers leverage "moniker links" to bypass security protections, such as Protected View, in Microsoft Outlook [1] [2].
  • Requirements: Exploitation can be achieved by sending a malicious email to a victim. It is particularly dangerous because it can be triggered via the Outlook Preview Pane, potentially requiring minimal or no user interaction depending on the configuration [1] [6].
  • Impact: Successful exploitation allows an unauthenticated attacker to execute arbitrary code on the victim's system and can lead to the theft of NTLM credentials [1] [4].

Threat Actor Usage and Campaigns

While specific threat actor groups are often associated with the exploitation of such high-profile vulnerabilities, the primary concern cited by security researchers is the risk of malware deployment and unauthorized access in enterprise environments [3]. Given its inclusion in the CISA KEV catalog, it has been recognized as a significant target for various malicious actors [5].

Mitigation and Patching

  • Patch Status: Microsoft released security updates to address this vulnerability in February 2024. Users are strongly advised to ensure their Microsoft Office and Outlook installations are fully patched [4].
  • Proof-of-Concept: Detailed research and analysis, including information on the "MonikerLink" bug, have been published by security firms like Check Point, which also developed signatures to help detect and block exploitation attempts [2] [4].

Sources

  1. Microsoft Outlook Remote Code Execution Vulnerability

    Impact and blast radius: successful exploitation of CVE-2024-21413 can lead to remote code execution, theft of NTLM credentials, and ... CVE-2024-21413 is a critical security vulnerability in Microsoft Outlook classified as an “Improper Input Validation Vulnerability”. The flaw allows attackers to b…

  2. NVD - CVE-2024-21413

    An official website of the United States government Here's how you know ... CVE, Microsoft Corporation. Patch Vendor Advisory. https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/.CISA-ADP. US Government Resource. https://www.vicarius.io/vso…

  3. Outlook CVE-2024-21413 Remote Code Execution ...

    How does your team prioritize and accelerate patching when a critical, actively exploited ... threat actors to potentially deploy malware, ...

  4. CVE-2024-21413 - Exploits & Severity - Feedly

    Threat Intelligence Report The vulnerability CVE-2024-21413 in Microsoft Outlook has a critical CVSS score of 9.8. It allows for remote code execution through malicious moniker links. Check Point IPS has developed a signature to detect and protect against this vulnerability, and Microsoft has releas…

  5. CVE-2024-21413 Detail - NVD

    This CVE is in CISA's Known Exploited Vulnerabilities Catalog. Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and ...

  6. Microsoft Outlook Vulnerability CVE-2024-21413 🚨 Severity

    Impact: Exploitation allows attackers to execute arbitrary code on a victim's system by leveraging the Preview Pane in Outlook to bypass ...