Please note that a new vulnerability has been discovered that affects the application “Microsoft Outlook”. This vulnerability can be exploited by malicious actors to gain unauthorised access, compromise sensitive data, or disrupt normal operations.

Vulnerability Name: CVE-2024-21413
Severity: CRITICAL
CVSS: 9.8
Affected Products: Microsoft Office 2016, Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Office 2019

Description:

Successful exploitation of this vulnerability would allow the threat actor to bypass the Office Protected View. A threat actor who has successfully exploited this vulnerability could gain high privileges, including read, write, and delete functionality. The ACSC is not aware of active exploitation of CVE-2024-21413 at this time.

For customers with an ONGC Managed Security Services (MSSA) agreement:

We want to assure you that our expert team is proactively working to manage and remediate this vulnerability on your behalf. Our security analysts are actively monitoring the situation, and we will take the necessary steps to protect your environment from any potential exploitation. Our security team will contact you if any further action is required from you.

For companies without an ONGC Managed Security Services (MSSA) or Managed Services (MSA) agreement:

We highly recommend following the remediation steps outlined below to safeguard your systems and minimise any potential impact from this vulnerability.

Unsure if you have coverage? Check out our article on Managed Services vs Managed Security or contact our team to discuss available solutions.

Resolution:

Users can ensure this vulnerability is remediated by applying current updates from within the Microsoft Outlook application or using Windows Update to install the latest patches.