Jeffrey on Nostr: Very hot take: Outlook (classic) should be regarded as a high-risk application at ...
Very hot take: Outlook (classic) should be regarded as a high-risk application at this point, after the numerous critical vulnerabilities that keep being patched.
These CVEs are responsible for zero-click RCE or token theft in Outlook:
July 2024: CVE-2024-38021
June 2024: CVE-2024-30103 (requires user auth)
February 2024: CVE-2024-21413
August 2023: CVE-2023-35384
May 2023: CVE-2023-29324
March 2023: CVE-2023-23397
Outlook Web works just fine for me 🤷
Published at 2024-07-11 13:36:41
Event JSON
{
"id": "7cde96b691278ac721613b58d0654b2f4a4469d49d251ecfcee1868880c7dec5",
"pubkey": "c4e938645a9479a3d5fd51e16c419a3d2240e0a8de7229f3d0ed7ef8aad826a2",
"created_at": 1720705001,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/jtig/statuses/112768122980712688",
"activitypub"
]
],
"content": "Very hot take: Outlook (classic) should be regarded as a high-risk application at this point, after the numerous critical vulnerabilities that keep being patched.\n\nThese CVE's are responsible for zero-click RCE or token theft in Outlook:\n\njuly 2024: CVE-2024-38021\njune 2024: CVE-2024-30103 (requires user auth)\nfebruary 2024: CVE-2024-21413\naugust 2023: CVE-2023-35384\nmay 2023: CVE-2023-29324\nmarch 2023: CVE-2023-23397\n\nOutlook Web works just fine for me 🤷",
"sig": "e907b106f89bc470b8c23ee5b83500c7d894ff28a14c512806c2090a5be41d931c91f85bc74a934743dd707c84856535bf3982e88f1105fa6704e39489a537c8"
}