Summary: CISA has issued a warning to U.S. federal agencies regarding persistent attacks exploiting a critical vulnerability in Microsoft Outlook, tracked as CVE-2024-21413. This vulnerability allows attackers to execute arbitrary code and potentially steal credentials by manipulating links within emails. As it is actively exploited, CISA has mandated that federal agencies secure their networks by February 27, 2024.
Affected: U.S. federal agencies, Microsoft Outlook users
Keypoints :
- Vulnerability CVE-2024-21413 affects multiple Microsoft Office products, allowing bypass of Outlook protections.
- Attackers exploit the flaw by manipulating links to execute malicious Office documents, leading to potential credential theft.
- CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog, urging swift action from federal agencies.