PT-2024-4062 · Microsoft · Outlook

Authors: Arnold Osipov and 2 others
Published: 2024-06-11 · Updated: 2026-01-26
CVE: CVE-2024-30103
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Microsoft Outlook, versions prior to the fixed version.

Description: A critical zero-click remote code execution vulnerability has been discovered in Microsoft Outlook. It allows an attacker to execute arbitrary code by sending a specially crafted email. The issue stems from the use of an incomplete blacklist when processing input data, which can be exploited with specially formed DLL files. The vulnerability can be triggered without any user interaction, simply by opening a malicious email.

Recommendations: For Microsoft Outlook versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider disabling the auto-open email feature to reduce the risk of exploitation. Restrict access to the vulnerable modules, and avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Vulnerability type: RCE
Weakness Enumeration: Incomplete List of Disallowed Inputs
Related Identifiers: BDU:2024-04508, CVE-2024-30103
Affected Products: Outlook