Action is needed! Another serious security flaw has been found in Outlook! Because who doesn't love a little excitement in their inbox? A patch is available and users should install it immediately.

Security researchers from Morphisec have discovered a serious vulnerability in Outlook. CVE-2024-38021 is a zero-click remote code execution (RCE) vulnerability that can allow unauthorized access to your system without a single click.

The vulnerability is said to affect most Microsoft Outlook applications and does not require authentication from users. In the worst case, CVE-2024-38021 can lead to potential data leaks, unauthorized access, and other malicious activities.

High risk vulnerability

According to the researchers, CVE-2024-38021 poses a serious risk to the security of your system. Since the vulnerability can be exploited with zero clicks and there are no authentication requirements, attackers can relatively easily gain access, execute malicious code and cause significant damage.

The lack of authentication makes this vulnerability particularly dangerous. Microsoft itself has classified this vulnerability as having a high risk, but assumed that the vulnerability could only be exploited in exceptional cases.

In the mentioned blog post by the security researchers, however, it is recommended that the gap should even be viewed as critical and that it should be assumed that it is already being actively exploited.

Patch available

The security vulnerability was first discovered at the end of April and reported by Morphisec. Confirmation by Microsoft followed one day later.

Since July 9, Microsoft has been offering a security patch for the vulnerability CVE-2024-38021, which was provided as part of the Tuesday updates.

As it is currently assumed that the security vulnerability is known to potential attackers, you should act quickly. Make sure that all Microsoft Outlook and Office applications are updated with the latest patches as soon as they are available to you.