Updates are essential for systems and apps. Proof of this now comes with Microsoft’s latest fix for Outlook. The email client has a serious security flaw that is being exploited and allows users to be attacked without realizing it has happened.
Outlook flaw opens door to attacks
Morphisec researchers recently discovered a 'zero-click vulnerability' in this popular email manager used by millions of users. A zero-click vulnerability is a security flaw that allows a system to be compromised without the user taking any specific action.
The Outlook vulnerability in question has been assigned the identifier “CVE-2024-38021.” If exploited, it could lead to data leaks, unauthorized access, and other malicious activity due to arbitrary code execution. The good news is that users who have downloaded the latest Outlook updates are already protected.
Microsoft was quick to release a security patch to fix the aforementioned vulnerability. To be more precise, the company did so last Tuesday, July 9. This means that this email manager must be updated with the latest patches to strengthen the system's security.
Flaw brings security vulnerability
Microsoft has classified the vulnerability “CVE-2024-38021” as “important” instead of “critical”. This is mainly because the ‘zero-click’ vector can only be exploited when the fraudulent message comes from a trustworthy sender. Morphisec, in turn, asked the Redmond company to reassess the severity of the flaw and classify it as ‘critical’.
Morphisec insists on its severity level by stressing that sender spoofing is a reality. “Given its zero-click nature (for trustworthy senders) and lack of authentication requirements, CVE-2024-38021 poses a serious risk,” the cybersecurity firm says.
Therefore, it is urgent for all those who are postponing updates to apply these fixes quickly. This is the only way to keep Windows and Microsoft apps free from security problems and well protected. This is yet another clear example of how a simple flaw can put users' data, and the systems where it is hosted, at risk.
Source: pplware.sapo.pt