
New MonikerLink Flaw Exposes Outlook Users to Data Theft and Malware

By Waqas

The #MonikerLink security flaw in Microsoft Outlook allows hackers to execute arbitrary code on the targeted device. This is a post from HackRead.com.

HackRead

The #MonikerLink vulnerability (CVE-2024-21413) holds a CVSS score of 9.8 out of 10, indicating critical severity and high exploitability, potentially enabling system compromise with minimal user interaction.

Check Point Research (CPR) has discovered a critical security flaw in Microsoft Outlook. Dubbed #MonikerLink, the vulnerability allows threat actors to execute arbitrary code on a targeted device. The research, detailed in a blog post, highlights how the flaw abuses the way Outlook processes certain hyperlinks.

The vulnerability is tracked as CVE-2024-21413 with a CVSS score of 9.8 out of 10, which means it has critical severity and is highly exploitable, possibly allowing an attacker to compromise the system with minimal user interaction. This could lead to complete system compromise, denial of service, and data breach. Furthermore, an attacker could execute arbitrary code, steal data, and install malware.

The issue stems from the way Outlook processes “file://” hyperlinks, and it has severe security implications: threat actors can execute unauthorized code on the targeted device. CPR’s research reveals that the #MonikerLink vulnerability misuses the Component Object Model (COM) on Windows, allowing unauthorized code execution and the leaking of local NTLM credential information.

The vulnerability exploits a user’s NTLM credentials to enable arbitrary code execution through COM in Windows. When a user clicks on the malicious hyperlink, it connects to a remote server controlled by the attacker, compromising authentication details and potentially leading to code execution. This allows attackers to invoke COM objects and execute code on the victim’s machine remotely, bypassing the Protected View mode in Office applications.
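A defensive check for the behaviour described above, as an added example that is not part of the original article or of CPR's research: it parses a message, collects hyperlinks from its HTML parts, and reports `file:` links that target a remote host rather than a local path. The sample message, the host names and the function names are constructed for illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample message (not from the article); example.* hosts are placeholders.
SAMPLE_EML = r"""From: sender@example.com
Content-Type: text/html; charset="utf-8"

<a href="https://intranet.example.org/report">Portal</a>
<a href="file:///\\files.example.net\share\report.rtf">Report</a>
<a href="FILE://files.example.net/share/notes.docx">Notes</a>
<a href="file:///C:/Users/Public/readme.txt">Local file</a>
"""

class HrefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def remote_file_host(href):
    """Return the remote host a file: link targets, or None (local path / other scheme)."""
    url = unquote(href.strip())
    if not url.lower().startswith("file:"):
        return None
    rest = url[5:].replace("\\", "/")
    body = rest.lstrip("/")
    slashes = len(rest) - len(body)
    # file://host/... has 2 slashes; UNC spellings (file:////host, file:///\\host) have 4+.
    if slashes != 2 and slashes < 4:
        return None
    host = body.split("/", 1)[0].lower()
    if not host or host == "localhost" or re.fullmatch(r"[a-z][:|]", host):
        return None
    return host

def scan_message(raw):
    """Return [(href, host)] for file: links in HTML parts that point at a remote host."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = HrefCollector()
            collector.feed(part.get_content())
            findings += [(h, host) for h in collector.hrefs if (host := remote_file_host(h))]
    return findings
```

A mail gateway or triage script can quarantine or rewrite messages for which `scan_message` returns any finding, since legitimate mail rarely needs `file:` links to hosts outside the organization.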

Researchers studied three attack vectors for MS Windows-Outlook 2021: the “obvious” Hyperlink attack vector, the “normal” attachment attack vector, and the “advanced” attack vector. The “obvious” Hyperlink attack vector involves sending emails with malicious web hyperlinks, posing security risks in browsers.

The “normal” attachment attack vector involves the attacker sending a malicious email and luring the victim to open the attachment. The “advanced” attack vector, also called the email reading attack vector, triggers security problems when the victim reads an email in Outlook.

Microsoft Outlook, one of the world’s most popular Microsoft Office suite apps, has become a critical gateway for introducing cyber threats into organizations. Microsoft’s Threat Protection Intelligence team discovered a critical vulnerability (CVE-2023-23397) in Outlook in March 2023 which threat actor Forest Blizzard was exploiting to steal Net-NTLMv2 hashes and access user accounts.

According to CPR’s blog post, the company has confirmed the latest vulnerability in Microsoft 365 environments and notified the Microsoft Security Response Center. Microsoft is yet to respond to the issue. Hackread.com will update readers as soon as more details are shared with the cybersecurity community.

This vulnerability, which extends beyond Outlook, poses a significant risk to organizational security. Both users and organizations are advised to apply patches, follow security practices, and remain vigilant against suspicious emails.

