
Microsoft Outlook has a serious security issue; even the White House is asking for it to be fixed

A critical vulnerability in Microsoft Office, identified as CVE-2024-21413, poses significant risks for all users

Agencias


  • February 10, 2025
  • Updated: February 10, 2025 at 6:40 PM

The vulnerability CVE-2024-21413 has been classified by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as a critical flaw affecting several Microsoft Office products, including Outlook.


This flaw is related to inadequate input validation that allows attackers to execute arbitrary code on affected systems.

The severity of this vulnerability has been rated with an alarming score of 9.8 out of 10.

When it was discovered and how it affects us as users

Detected in 2024 by researcher Haifei Li from Check Point, the vulnerability allows cybercriminals to send deceptive emails containing malicious hyperlinks.

Through this technique, attackers can bypass the Protected View feature of Outlook, which is designed to open potentially harmful files in read-only mode. In this case, malicious files could be opened in editing mode, significantly increasing the risk of infection.

CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and has set a three-week deadline, until February 27, 2025, for federal agencies to implement patches or stop using the tool.

Although no real-world abuse had been documented at the time of the patch’s release, users have been warned that simply previewing an email in Outlook may be enough to cause an infection, which underscores the seriousness of the situation.


In addition to the flaw in Outlook, CISA has listed four other vulnerabilities that also require attention, including issues related to 7-Zip, the Dante control process, SQL injection in CyberoamOS, and a buffer overflow in Sophos XG Firewall. All these vulnerabilities must be fixed before March 2025 because of the significant risks they pose to federal entities.
