First published: 18 Feb 2024
Last updated: 18 Feb 2024

Content written for

Individuals & families
Small & medium business
Large organisations & infrastructure
Government

This alert has been written for individuals and the IT teams of organisations and government who use Microsoft Office Outlook products.

Background / What has happened?

ASD’s ACSC is tracking a remote code execution vulnerability in Microsoft Office Outlook products.

CVE-2024-21413 refers to a vulnerability that exploits the Outlook preview pane as an attack vector.

Successful exploitation of this vulnerability would allow the threat actor to bypass the Office Protected View.

A threat actor who has successfully exploited this vulnerability could gain high privileges, including, read, write and delete functionality.

This vulnerability affects customers running the following Microsoft products:

  • Microsoft Office 2016
  • Microsoft Office LTSC 2021
  • Microsoft 365 Apps for Enterprise
  • Microsoft Office 2019

ASD’s ACSC is not aware of active exploitation of CVE-2024-21413 at this time.

Mitigation / How do I stay secure?

To stay secure, individuals and organisations should review their devices for use of vulnerable Microsoft Office products and refer to the Microsoft advisory.

Assistance / Where can I go for help?

ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).

Was this information helpful?

Thanks for your feedback!

Optional

Tell us why this information was helpful and we’ll work on making more pages like it