The vulnerability CVE-2024-38021 in Microsoft Outlook, discovered by security researchers at the end of April, is considered critical. Microsoft is now rolling out a security patch as part of Patch Tuesday.

Security researchers from Morphisec discovered a dangerous vulnerability in Microsoft Outlook at the end of April. The vulnerability is called CVE-2024-38021 and is categorized as a zero-click remote code execution (RCE) vulnerability. Such vulnerabilities allow unauthorized access to systems without a single click. Microsoft has now released a security patch for the CVE-2024-38021 vulnerability.

CVE-2024-38021

The vulnerability CVE-2024-38021 was discovered by security researchers at Morphisec at the end of April and confirmed by Microsoft a few days later. A patch from Microsoft only followed on July 9.

Microsoft has classified this Outlook vulnerability as a “high” risk because it could only be exploited in certain cases. However, according to security researchers, it is already being actively abused. They describe the vulnerability as “critical”.

Patch now

The issue affects most Microsoft Outlook applications and does not require user authentication. In the worst case, this vulnerability could lead to data leakage or unauthorized access.

Due to the seriousness of this Outlook vulnerability and the suspicion that it is already being actively exploited, the company recommends applying the patch as soon as possible by updating your Outlook applications with the latest security patch.