PT-2024-1709 · Microsoft · Outlook

Nick Landers · Published 2024-02-13 · Updated 2024-08-14 · CVE-2024-21378

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Outlook versions prior to the fixed version

Description

The vulnerability in Microsoft Outlook is related to insufficient validation of input data, allowing remote attackers to execute arbitrary code on the affected system. This issue can potentially grant attackers extensive control over the system. It is estimated that over 800,000 systems are potentially affected, mainly distributed in countries such as Germany and the United States. The vulnerability has been exploited in real-world incidents, with proof-of-concept code available. Technical details about exploitation include the use of synchronized form objects.

Recommendations

To resolve the issue, update Microsoft Outlook to a version that includes the fix for this vulnerability. As a temporary workaround, consider disabling the functionality related to synchronized form objects until a patch is available. Restrict access to the vulnerable components of Microsoft Outlook to minimize the risk of exploitation. Apply the security update released by Microsoft to patch the vulnerability. If no specific fix is provided for your version of Microsoft Outlook, ensure you are running the latest version available.

Exploit

Fix

RCE

DoS

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2024-01413
CVE-2024-21378

Affected Products

Outlook