Morphisec Cybersecurity Blog

You’ve Got Mail: Critical Microsoft Outlook Vulnerability CVE-2024-30103 Executes as Email is Opened

Written by Michael Gorelik | June 11, 2024 at 5:13 PM

In the ever-evolving landscape of cybersecurity, staying ahead of threats is paramount. At Morphisec, our team of dedicated researchers continuously strives to identify and mitigate emerging vulnerabilities to protect organizations worldwide. 

Morphisec Threat Labs researchers are disclosing a critical discovery that underscores the importance of timely updates and proactive security measures.

Discovery of CVE-2024-30103 

Morphisec researchers have identified a significant vulnerability, CVE-2024-30103 — a remote code execution (RCE) vulnerability that impacts most Microsoft Outlook clients. This vulnerability, if exploited, can allow attackers to execute arbitrary code on affected systems, leading to potential data breaches, unauthorized access, and other malicious activities. 

This Microsoft Outlook vulnerability can be passed from user to user and doesn’t require a click to execute. Rather, execution initiates as soon as an affected email is opened. This is notably dangerous for accounts using Microsoft Outlook’s auto-open email feature.


Technical Impact 

The CVE-2024-30103 vulnerability is particularly concerning due to its high probability of exploitation. It is a zero-click vulnerability that does not require the user to interact with the content of a malicious email, making it extremely simple to execute.

This lack of required user interaction, combined with the straightforward nature of the exploit, increases the likelihood that adversaries will leverage this vulnerability for initial access. Once an attacker successfully exploits this vulnerability, they can execute arbitrary code with the same privileges as the user, potentially leading to a full system compromise. 


Timeline of Events 

April 3, 2024: The vulnerability was initially reported to Microsoft by Morphisec researchers as part of Morphisec’s responsible disclosure policy.

April 16, 2024: The vulnerability was confirmed. 

June 11, 2024: Microsoft included a patch for CVE-2024-30103 as part of its Patch Tuesday updates. 

We commend Microsoft for addressing this vulnerability relatively quickly, especially considering its problematic nature and the complexity of the previous patch. 


Patch Release and Urgent Call to Action 

Morphisec strongly urges all organizations to update their Microsoft Outlook clients immediately to mitigate the risk associated with this vulnerability. Given the ease of exploitation, prompt action is crucial to ensure the security of systems and sensitive data. 
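One way for administrators to verify that the update has actually landed on a given machine is to read the installed Outlook build and compare it against the fixed build. The script below is an added example, not part of the Morphisec post and not Morphisec or Microsoft code. It reads the build from the Click-to-Run registry value `VersionToReport` and falls back to the file version of `OUTLOOK.EXE` for MSI installs; both paths are standard locations but are assumptions about the target machine. The post does not state the patched build number, so `$MinimumBuild` is a placeholder that must be replaced with the value from Microsoft's advisory for CVE-2024-30103.

```powershell
# Added example (not from the Morphisec post): report the installed Outlook build
# so it can be compared with the build shipped in the June 11, 2024 update.
function Get-OutlookBuild {
    # Click-to-Run (Microsoft 365 Apps / Office 2019 and later) records the
    # currently installed build in this registry value.
    $c2r = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    if (Test-Path $c2r) {
        $v = (Get-ItemProperty -Path $c2r -Name VersionToReport -ErrorAction SilentlyContinue).VersionToReport
        if ($v) {
            return [pscustomobject]@{ Source = 'ClickToRun'; Build = [version]$v }
        }
    }

    # Fall back to the file version of OUTLOOK.EXE (covers MSI installs).
    # These are assumed default install paths; adjust for non-standard layouts.
    $candidates = @(
        "$env:ProgramFiles\Microsoft Office\root\Office16\OUTLOOK.EXE",
        "${env:ProgramFiles(x86)}\Microsoft Office\root\Office16\OUTLOOK.EXE",
        "$env:ProgramFiles\Microsoft Office\Office16\OUTLOOK.EXE",
        "${env:ProgramFiles(x86)}\Microsoft Office\Office16\OUTLOOK.EXE"
    )
    foreach ($p in $candidates) {
        if (Test-Path $p) {
            $fv = (Get-Item $p).VersionInfo.FileVersion
            return [pscustomobject]@{ Source = $p; Build = [version]$fv }
        }
    }
    return $null
}

function Test-OutlookPatched {
    param([Parameter(Mandatory)][version]$MinimumBuild)

    $info = Get-OutlookBuild
    if (-not $info) {
        # No Outlook found: nothing to patch on this host, but flag it for review.
        return [pscustomobject]@{ Installed = $null; Source = $null; Patched = $false; Note = 'Outlook not found' }
    }
    [pscustomobject]@{
        Installed = $info.Build
        Source    = $info.Source
        Patched   = ($info.Build -ge $MinimumBuild)   # [version] compares all four parts
        Note      = if ($info.Build -ge $MinimumBuild) { 'At or above minimum build' } else { 'Update required' }
    }
}

# PLACEHOLDER: replace with the fixed build listed in Microsoft's CVE-2024-30103 advisory.
$MinimumBuild = [version]'16.0.0.0'
Test-OutlookPatched -MinimumBuild $MinimumBuild | Format-List
```

Run it with a real minimum build from the advisory; a `Patched = False` result on a fleet inventory is the signal to prioritise that host. Because the comparison uses `[version]`, builds such as `16.0.17628.20144` are ordered numerically rather than as strings.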


Research and Discovery Process 

Morphisec’s research involved extensive fuzzing and reverse engineering of Microsoft Outlook's codebase to identify the specific conditions under which this Microsoft Outlook vulnerability is triggered. The findings were then thoroughly documented and reported to Microsoft (as per the responsible disclosure process), ensuring a collaborative approach to addressing the issue.


Technical Details and Proof of Concept

Morphisec released their technical findings about CVE-2024-30103 in a more recent blog post. You can read the full technical analysis here.

Additionally, the Morphisec Threat Labs team presented their technical findings about CVE-2024-30103 and CVE-2024-38021 on the main stage at DEF CON 32. If you weren't able to attend in person, watch the on-demand webinar to hear directly from those who discovered these vulnerabilities and to learn more about them. Watch now.


How Morphisec Can Help

At Morphisec, we employ Automated Moving Target Defense techniques designed to significantly reduce the risk of exploitation from vulnerabilities like CVE-2024-30103. By dynamically altering the attack surface, we create a challenging environment for potential attackers. This approach enhances the protection of our clients against a wide range of sophisticated cyber threats. 

Morphisec’s AMTD technology acts as virtual patching and compensating control for unpatched vulnerabilities. It proactively prevents attacks on unpatched operating systems and application vulnerabilities by dismantling attack pathways, thereby collapsing an attacker’s framework. See Morphisec in action — schedule a demo today.