Microsoft Outlook Faced Critical Zero-Click RCE Vulnerability, 24 July 2024

Wednesday, 24 July 24

What is happening:

Security researchers have uncovered a critical vulnerability, CVE-2024-38021, affecting most Microsoft Outlook applications. This zero-click remote code execution (RCE) vulnerability, now patched by Microsoft, did not require any authentication, setting it apart from the previously discovered CVE-2024-30103, which required at least an NTLM token. CVE-2024-38021 (8.8 High): Microsoft Outlook Remote Code Execution Vulnerability via improper input validation

Affected Versions:

• Microsoft Office 2016 (64-bit edition)

• Microsoft Office 2016 (32-bit edition)

• Microsoft Office LTSC 2021 for 32-bit editions

• Microsoft Office LTSC 2021 for 64-bit editions

• Microsoft 365 Apps for Enterprise for 64-bit Systems

• Microsoft 365 Apps for Enterprise for 32-bit Systems

• Microsoft Office 2019 for 64-bit editions

• Microsoft Office 2019 for 32-bit editions.

When is it happening:

Saturday, 24 July.

Who will this affect:

All UCD users who are currently using Microsoft Outlook.

UCD IT Services

Computer Centre, University College Dublin, Belfield, Dublin 4, Ireland.

(opens in a new window)

Explore UCD

About UCD

Students

Research & Innovation

Colleges

Engage

Key Services

Microsoft Outlook Faced Critical Zero-Click RCE Vulnerability, 24 July 2024

UCD IT Services