Summary: Microsoft has patched a critical vulnerability in Windows OLE (CVE-2025-21298, CVSS 9.8) that allows attackers to execute malicious code without user interaction. This "zero-click" exploit can be triggered simply by previewing a malicious RTF email in Outlook and affects a wide range of Windows systems. Security experts recommend that organizations take immediate action to mitigate the risk posed by this vulnerability.
Threat Actor: Unknown | unknown
Victim: Microsoft Windows Users | Microsoft Windows Users
Keypoints:
- Vulnerability allows arbitrary code execution via a double-free memory bug in ole32.dll.
- Affects Windows Server versions from 2008 to 2025 and Windows 10/11 platforms.
- Immediate actions include deploying security updates, configuring Outlook, and enhancing threat detection.
Source: https://www.cyberkendra.com/2025/01/critical-zero-click-vulnerability-in.html