Introduction

A newly identified vulnerability, CVE-2024-30103, in Microsoft Outlook poses a serious cybersecurity threat. This "zero-click" remote code execution (RCE) flaw can be exploited simply by opening and previewing an email that contains a malicious payload in the body of the email, requiring no further interaction from the user. Although there are no known exploits in the wild yet, it is crucial for organizations to update their Outlook installs with the Microsoft patch as soon as possible.

How It Works

The CVE-2024-30103 vulnerability leverages a flaw in how Microsoft Outlook handles specific types of email content. An attacker can embed malicious code within the body of an email, which gets executed as soon as the email is opened. This can lead to unauthorized access, data breaches, and further network compromise.

Importance of Immediate Action

Despite no exploits being reported (as of this writing), the potential impact of this vulnerability necessitates urgent attention. Assume that cybercriminals are already working on ways to exploit this flaw, making preemptive measures essential.

Recommended Steps for Microsoft 365 Admins

Here at IRONSCALES, we forced an immediate update to every device using Microsoft Outlook. Here are the steps we used:

Log in to the M365 Admin Center:

• Navigate to M365 Admin Center
• Sign in with your admin credentials.

Set Update Channel:

• Go to Devices.
• Select the Monthly Enterprise Channel for consistent, predictable updates.
• Apply changes to all necessary devices.

Force Immediate Update Deadline:

• Still in M365 Admin Center, go to Settings.
• Under Update Deadline, set the number of days to 0 for immediate application.
• Note: This will interrupt active sessions to force a restart of Outlook to apply the update.

Log in to Microsoft Intune:

• Navigate to Microsoft Intune
• Sign in with your admin credentials.

Configure Update Channel via Intune:

• Go to Devices > Configuration Profiles.
• Create or edit a profile to set the Update Channel to Monthly Enterprise Channel.

Set Update Deadline in Intune:

• Within the same profile, go to Update Deadline.
• Set the deadline to 0 days to ensure immediate updates.
• Purpose: Config controls by user policy, and Intune controls by machine policy. This ensures updates even if users aren't signed into Office.

Save and Deploy:

• Review settings and save configurations.
• Deploy the updated profiles to the targeted devices.

Acting now to update Microsoft Outlook will significantly reduce the risk posed by the CVE-2024-30103 vulnerability. While different organizations may use various tools or methods, the strategy remains the same: enforce immediate updates to protect against potential exploitation.