A Proof-of-Concept (PoC) exploit has been released for a critical Remote Code Execution (RCE) vulnerability in Microsoft Outlook, dubbed “MonikerLink”.
The Threat: Attackers can execute malicious code by sending a specially crafted email. This flaw is part of a broader systemic issue with Windows COM APIs.
Action: Ensure the security updates released in the February 2024 Patch Tuesday are applied across all Microsoft Office installations. As a temporary mitigation, organizations can block outbound SMB traffic to external addresses.
Comments are closed