August 10, 2024 at 01:45AM Microsoft has disclosed an unpatched zero-day in Office (CVE-2024-38200) that could lead to unauthorized disclosure of sensitive information to malicious actors. A patch is expected on August 13, with an alternative fix already enabled. Three mitigation strategies have been outlined. Microsoft is also working on addressing other zero-day flaws in … Read more
February 14, 2024 at 05:02PM Microsoft has identified a critical security vulnerability, CVE-2024-21413, in Outlook that allows remote unauthenticated attackers to exploit it, leading to remote code execution and the theft of NTLM credentials. The flaw bypasses Protected View and can be exploited through the Preview Pane, affecting multiple Office products. Check Point revealed a … Read more
February 14, 2024 at 03:12PM Microsoft updated a security advisory warning about a critical Outlook bug, tracked as CVE-2024-21413, leading to remote code execution if exploited. The vulnerability allows bypassing Protected View, affecting multiple Office products including Microsoft Outlook 2016 and Office 2019. Check Point researchers discovered the vulnerability called Moniker Link, recommending applying the … Read more