EXCLUSIVE WEBINAR: Microsoft Outlook Chaos Unleashed — Live Technical Analysis of new Vulnerabilities
arrow-white arrow-white Secure your spot

You’ve Got Mail: Critical Microsoft Outlook Vulnerability Executes as Email is Opened

Posted by Michael Gorelik on June 11, 2024
Find me on:

In the ever-evolving landscape of cybersecurity, staying ahead of threats is paramount. At Morphisec, our team of dedicated researchers continuously strives to identify and mitigate emerging vulnerabilities to protect organizations worldwide. 

Morphisec Threat Labs researchers are disclosing a critical discovery that underscores the importance of timely updates and proactive security measures.


Discovery of CVE-2024-30103 

Morphisec researchers have identified a significant vulnerability, CVE-2024-30103 — a remote code execution (RCE) vulnerability that impacts most Microsoft Outlook clients. This vulnerability, if exploited, can allow attackers to execute arbitrary code on affected systems, leading to potential data breaches, unauthorized access, and other malicious activities. 

This Microsoft Outlook vulnerability can be circulated from user to user and doesn’t require a click to execute. Rather, execution initiates when an affected email is opened. This is notably dangerous for accounts using Microsoft Outlook’s auto-open email feature.   


Technical Impact 

The CVE-2024-30103 vulnerability is particularly concerning due to its high probability of exploitation. It is a zero click vulnerability which does not require the user to interact with the content of a malicious email, making it extremely simple to execute.  

This lack of required user interaction, combined with the straightforward nature of the exploit, increases the likelihood that adversaries will leverage this vulnerability for initial access. Once an attacker successfully exploits this vulnerability, they can execute arbitrary code with the same privileges as the user, potentially leading to a full system compromise. 


Timeline of Events 

April 3, 2024: The vulnerability was initially reported to Microsoft by Morphisec researchers as part of responsible disclosure policy. 

April 16, 2024: The vulnerability was confirmed. 

June 11, 2024: Microsoft included a patch for CVE-2024-30103 as part of its Patch Tuesday updates. 

We commend Microsoft for addressing this vulnerability relatively quickly, especially considering its problematic nature and the complexity of the previous patch. 


Patch Release and Urgent Call to Action 

Morphisec strongly urges all organizations to update their Microsoft Outlook clients immediately to mitigate the risk associated with this vulnerability. Given the ease of exploitation, prompt action is crucial to ensure the security of systems and sensitive data. 


Research and Discovery Process 

Morphisec’s research involved extensive fuzzing and reverse engineering of Microsoft Outlook's codebase to identify the specific conditions that led to the discovery of this Microsoft Outlook vulnerability. The findings were then thoroughly documented and reported to Microsoft (as per responsible disclosure process), ensuring a collaborative approach to addressing the issue. 


Upcoming Technical Details and Proof of Concept

Morphisec will be releasing the technical details and POC for CVE-2024-30103, along with an additional vulnerability that is yet to be patched, at the DEFCON 32 conference in Las Vegas. This will be part of the presentation "Outlook Unleashing RCE Chaos: CVE-2024-30103" with Michael Gorelik and Arnold Osipov as presenters. 


How Morphisec can Help 

At Morphisec, we employ Automated Moving Target Defense techniques designed to significantly reduce the risk of exploitation from vulnerabilities like CVE-2024-30103. By dynamically altering the attack surface, we create a challenging environment for potential attackers. This approach enhances the protection of our clients against a wide range of sophisticated cyber threats. 

Morphisec’s AMTD technology acts as virtual patching and compensating control for unpatched vulnerabilities. It proactively prevents attacks on unpatched operating systems and application vulnerabilities by dismantling attack pathways, thereby collapsing an attacker’s framework. See Morphisec in action — schedule a demo today.

New call-to-action