Security Advisory

Microsoft Office RCE Vulnerability - PATCH IMMEDIATELY!

Discovery of CVE-2024-30103

Morphisec researchers have discovered a critical Microsoft Office Remote Code Execution (RCE) vulnerability, identified as CVE-2024-30103. This vulnerability primarily impacts Microsoft Outlook clients and poses a significant security risk. The exploit allows attackers to execute arbitrary code on affected systems, which may result in data breaches, unauthorized access, and a range of malicious activities.

One of the particularly dangerous aspects of this vulnerability is its mode of propagation. It does not require any user action, such as clicking a link or opening an attachment. Instead, the vulnerability can be exploited as soon as the user opens a malicious email, especially when using Microsoft Outlook’s auto-open feature.

Technical Impact

CVE-2024-30103 is a high-severity, zero-click vulnerability: exploitation requires no user interaction, which makes it extremely easy to carry out and increases the risk of widespread exploitation. Once a system is compromised, the attacker can execute arbitrary code with the same privileges as the affected user, potentially leading to complete system control.

This elevated risk of exploitation underlines the necessity for immediate action to mitigate potential threats.

Timeline of Events

  • April 3, 2024: Morphisec reports the vulnerability to Microsoft.
  • April 16, 2024: Microsoft confirms the vulnerability.
  • June 11, 2024: Microsoft releases a patch for CVE-2024-30103 as part of its Patch Tuesday cycle.

Microsoft responded swiftly to the discovery, given the severity and complexity of this vulnerability.

Patch Release and Urgent Call to Action

Due to the ease with which this vulnerability can be exploited, it is crucial that all organizations using Microsoft Outlook apply the latest security patches immediately. Failure to do so could leave systems and sensitive data exposed to severe security risks.

Recommendation

Action Required:

  • Update Microsoft Outlook: Ensure all Microsoft Outlook clients are updated with the latest patches included in Microsoft's June 11, 2024 Patch Tuesday release.
  • Disable Auto-Open Email Feature: As an interim measure, consider disabling the auto-open email feature within Microsoft Outlook to mitigate the risk until the patch can be applied.
  • Monitor Systems: Increase monitoring for any suspicious activities that may indicate attempted exploitation of this vulnerability.

Immediate patching is paramount to protect systems from potential compromise. Delaying this action could result in severe security incidents, including unauthorized access and data breaches.

How Sofecta Labs Can Help

Sofecta Labs MDR Team is committed to assisting you with mitigating this vulnerability. Our team will monitor your environments and Outlook telemetry data to identify any attempts to exploit CVE-2024-30103. By actively tracking and analyzing suspicious activities, we aim to provide early detection and prompt remediation actions.

For additional support regarding this vulnerability, our team is available to help with applying patches, hardening your infrastructure, and ensuring that all defense mechanisms are in place to safeguard your organization.

Conclusion

Given the critical nature of CVE-2024-30103, prompt patching is imperative. Delaying this action could expose your organization to significant security threats, including data breaches and system compromises. We strongly recommend immediate patching to protect your systems and maintain the security of your organizational data.

References

https://sofectalabs.notion.site/Microsoft-Office-RCE-Vulnerability-PATCH-IMMEDATELY-4826f52a790c4e0eb886bb90fdd00df8

https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30103
