CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2024-21413

CVSS 9.8v3.1pub. 2024-02-13upd. 2025-10-28

Microsoft Outlook Remote Code Execution Vulnerability

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microsoft 365 Apps

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Office 2016

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Office 2019

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Office Long Term Servicing Channel

    APP
    Microsoft
    2021

CISA KEV — detailsi

Vendori
Microsoft
Producti
Office Outlook
Added to KEVi
February 6, 2025
Remediation deadline (US Federal)i
February 27, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 27 lutego 2025
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-23397CRITICAL9.8⚠ KEVten sam produkt

Microsoft Outlook Elevation of Privilege Vulnerability

CVE-2025-60724CRITICAL9.8PL ✓ten sam produkt

Heap buffer overflow w Microsoft Graphics Component — zdalne wykonanie kodu

CVE-2023-33150CRITICAL9.6ten sam produkt

Microsoft Office Security Feature Bypass Vulnerability

CVE-2023-21716CRITICAL9.8ten sam produkt

Microsoft Word Remote Code Execution Vulnerability

CVE-2020-0901CRITICAL9.8ten sam produkt

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly h...