Cyber Resilience

CVE-2024-21413

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 13 February 2024
Modified: 28 October 2025
KEV Added: 06 February 2025
Patch: available (Microsoft Security Update Guide)
CVSS Score: 9.8 (v3.1) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.9296 (99.8th percentile)
Risk Priority: 95 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-21413 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Microsoft Outlook, affecting Microsoft 365 Apps, Office 2016, Office 2019 and Office LTSC 2021. Its CVSS 3.1 base score is 9.8 (Critical).

Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood (EPSS 0.9296), CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

Microsoft Outlook contains a remote code execution vulnerability, CVE-2024-21413, that arises from improper input validation (CWE-20) in the handling of MonikerLink hyperlinks: file:// links to a remote share whose path carries a moniker, which Outlook resolves through COM instead of applying its usual security prompt for external file links (the mechanism documented by Check Point Research). The flaw received a CVSS 3.1 score of 9.8, reflecting a network-accessible attack vector that requires neither authentication nor user interaction.

An unauthenticated remote attacker can exploit the issue by delivering a crafted message or link that triggers code execution. Microsoft's advisory notes that the Preview Pane is an attack vector, so the recipient need not open the message or click the link. A successful attack results in complete loss of confidentiality, integrity, and availability on the affected system.

Microsoft has published official guidance and patches through its security update guide at msrc.microsoft.com. Additional technical analysis from Check Point Research describes the underlying moniker-link mechanism, while Vicarius has released corresponding detection and mitigation scripts.
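A practitioner reading the description above usually wants a concrete way to flag the link shape involved before it reaches a vulnerable client. The following is an added example (it is not the page's own material and not the Vicarius or Check Point scripts): a small Python scanner for message bodies that reports remote file:// or UNC hyperlinks, escalating to "high" when the path carries a "!", the composite-moniker pattern described in the Check Point analysis. The sample message, host names and severity labels are constructed for the example; the detector inspects link shape only and makes no attempt to resolve or open anything.

```python
"""Flag MonikerLink-shaped hyperlinks (CVE-2024-21413) in an email body.

Added example, not part of the original page or any vendor script.
Assumption (from Check Point's public analysis): the trigger is a file://
or UNC hyperlink to a remote host whose path contains a '!' after the share
path. Remote file links without '!' are reported at lower severity because
they still warrant review (Outlook normally shows a security prompt for them).
"""
import re
from html import unescape
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    link: str
    severity: str  # "high" or "medium"
    reason: str


# href="..." targets in HTML, and bare file:/UNC strings in plain text.
_HREF_RE = re.compile(r'href\s*=\s*["\']?([^"\'>\s]+)', re.IGNORECASE)
_BARE_RE = re.compile(r'(?:file:[^\s"\'<>]+|\\\\[^\s"\'<>]+)', re.IGNORECASE)
_DRIVE_RE = re.compile(r"^[A-Za-z]:$")


def extract_links(body: str) -> List[str]:
    """Collect candidate link targets from an HTML or text body, de-duplicated in order."""
    text = unescape(body)
    seen, out = set(), []
    for link in _HREF_RE.findall(text) + _BARE_RE.findall(text):
        if link not in seen:
            seen.add(link)
            out.append(link)
    return out


def remote_file_target(link: str) -> Optional[str]:
    """Return the share path if `link` is a file: URL or UNC path aimed at a remote host."""
    l = link.strip()
    if l.lower().startswith("file:"):
        rest = l[5:].lstrip("/")          # file:///\\host\share... or file://host/share...
        if rest.startswith("\\\\"):       # UNC embedded in a file: URL
            return rest
        host = re.split(r"[\\/]", rest, maxsplit=1)[0]
        if host and host.lower() != "localhost" and not _DRIVE_RE.match(host):
            return rest                   # file://host/... form
        return None                       # local drive path: out of scope
    if l.startswith("\\\\"):
        return l
    return None


def scan_message(body: str) -> List[Finding]:
    """Report remote file/UNC links; '!' in the path marks the MonikerLink pattern."""
    findings = []
    for link in extract_links(body):
        target = remote_file_target(link)
        if target is None:
            continue
        if "!" in target:
            findings.append(Finding(link, "high",
                "remote file/UNC hyperlink with '!' in path (MonikerLink composite-moniker pattern)"))
        else:
            findings.append(Finding(link, "medium",
                "remote file/UNC hyperlink (subject to Outlook's security prompt; review)"))
    return findings


# Constructed sample message: one benign https link, one MonikerLink-shaped
# link, one plain remote file link, one local file link. Hosts are fictional.
SAMPLE_BODY = r"""
<html><body>
<p>Quarterly figures: <a href="https://intranet.example/report">report</a></p>
<p>Archived copy: <a href="file:///\\share.example.test\docs\q3.rtf!something">Q3 archive</a></p>
<p>Old share: <a href="file://fileserver.example/public/readme.txt">readme</a></p>
<p>Local: <a href="file:///C:/Users/Public/notes.txt">notes</a></p>
</body></html>
"""

if __name__ == "__main__":
    for f in scan_message(SAMPLE_BODY):
        print(f"[{f.severity}] {f.link}\n    {f.reason}")
```

Run against a mail-gateway quarantine feed or an exported mailbox, the scanner gives a cheap triage signal; it is a shape check, not a parser of Outlook's moniker handling, so treat a "high" as a reason to block and investigate rather than as proof of exploitation.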

The EPSS score currently stands at 0.9296 with a recorded peak of 0.9350.

Vulnerability details

Microsoft Outlook Remote Code Execution Vulnerability

CWE(s): CWE-20 (Improper Input Validation)
KEV Date Added: 06 February 2025

Related Threats

CVEs Like This One

CVE-2026-21514: same product (Microsoft 365 Apps); both on KEV
CVE-2026-32201: same vendor (Microsoft); both on KEV
CVE-2026-21509: same product (Microsoft 365 Apps); both on KEV
CVE-2021-31207: same vendor (Microsoft); both on KEV
CVE-2026-21510: same vendor (Microsoft); both on KEV
CVE-2025-59287: same vendor (Microsoft); both on KEV
CVE-2026-27913: same vendor (Microsoft)
CVE-2026-20956: same product (Microsoft 365 Apps)
CVE-2025-24077: same product (Microsoft 365 Apps)
CVE-2026-33844: same vendor (Microsoft)

Affected Assets

Microsoft 365 Apps (all versions)
Microsoft Office 2016 (all versions)
Microsoft Office 2019 (all versions)
Microsoft Office Long Term Servicing Channel 2021

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Directly requires timely application of the vendor patches referenced in the MSRC advisory to eliminate the RCE flaw before exploitation.

SI-10 Information Input Validation (prevent): Addresses the CWE-20 root cause by enforcing validation of untrusted input (e.g., email content) that the flaw fails to perform.

SI-7 Software, Firmware, and Information Integrity (prevent, detect): Requires integrity verification of software and incoming information to block or detect unauthorized code execution attempts via Outlook.
