CVE-2024-21413:

CVE-2024-21413 is a critical remote code execution vulnerability in Microsoft Outlook that affects multiple Microsoft Office products. It arises from improper input validation and can be exploited over the network without user interaction, potentially allowing an attacker to execute arbitrary code on a vulnerable system. The CVSS v3.1 base score is 9.8 (CRITICAL).

Score
A numerical rating that indicates how dangerous this vulnerability is.

9.8Critical

Published Date:Feb 13, 2024
CISA KEV Date:Feb 6, 2025
Industries Affected:20

Armis Early Warning:

359 Days

Threat Predictions

EPSS Score:93.0
EPSS Percentile:100%

Exploitability

Score:3.9
Attack Vector:NETWORK
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:NONE
Scope:UNCHANGED

Impact

Score:5.9
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

Overview

Microsoft Outlook Remote Code Execution Vulnerability (CVE-2024-21413) is a critical flaw that enables remote code execution through improper input validation in Outlook processing. It affects a range of Office products and versions, carries a CVSS v3.1 base score of 9.8, and can be exploited over the network without user interaction. The vulnerability can lead to full system compromise, with exploitation described as active and automatable. Addressing this risk requires applying the latest Office security updates and implementing compensating controls to reduce exposure while patches are deployed.

Remediation

Apply the latest Microsoft security updates for all affected Office products (Office 2019, 365 Apps for Enterprise, Office LTSC 2021, and Office 2016) per the Microsoft Office security release guidance to remediate CVE-2024-21413. Verify devices are updated to versions after the mandated fixed releases.
If immediate patching is not feasible, enforce mitigations to reduce exposure:
Enable Microsoft Defender for Office 365 Safe Attachments and Safe Links to inspect and block dangerous content delivered via Outlook.
Implement Attack Surface Reduction (ASR) rules relevant to Office and email processing to block suspicious attachments and links.
Restrict or disable potentially risky content types and macros where feasible.
Ensure endpoint protection and EDR tools are up to date and monitor for indicators of compromise related to Outlook processing.
Strengthen visibility and response:
Deploy centralized patch management and verify patch deployment across all endpoints.
Monitor email and endpoint telemetry for signs of exploitation and correlate with KEV indicators.
Test patches in a controlled environment before broad rollout and plan for a rapid remediation window if indicators of exploitation appear.
After patching, verify that affected systems are no longer vulnerable and document remediation progress for audit purposes.