A Critical, High-Severity Vulnerability That Requires No User Interaction
A newly discovered zero-click remote code execution (RCE) vulnerability, CVE-2025-21298, has been found in the Windows Object Linking and Embedding (OLE) component as used by Microsoft Outlook. With a CVSS severity score of 9.8, this flaw allows attackers to execute malicious code without any user interaction: simply previewing an email is enough.
How the Vulnerability Works
The vulnerability originates in ole32.dll, specifically in the function UtOlePresStmToContentsStm, which processes embedded OLE objects in RTF files. The issue is a "double-free": the same memory block is released twice, which corrupts heap state and can lead to remote code execution when a malicious RTF attachment is processed by Outlook or Microsoft Word.
Attack Method & Impact
Attackers send a malicious RTF email attachment.
The exploit is triggered automatically when the victim previews the email—no clicks required!
Once compromised, attackers can deploy malware, steal data, or escalate privileges.
Affects multiple Windows versions, from Windows 10 and Windows 11 to Windows Server 2008 through Windows Server 2025.
Mitigation & Protection
✅ Apply Microsoft's January 2025 Patch Immediately
✅ Disable RTF file preview in Outlook to minimize risk
✅ Use advanced email security filters to block suspicious attachments
✅ Monitor for suspicious network activity using KQL queries
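As an added example supporting the attachment-filtering and monitoring recommendations above (this is not code from the original post or from Microsoft), the following Python helper triages an RTF file for `{\object ...}` groups carrying embedded OLE data, the structure that the vulnerable OLE code path processes. It reports the object kind (\objemb, \objlink, \objautlink), the \objclass name, the decoded \objdata size, and whether the payload starts with an OLE 1.0 ObjectHeader (OLEVersion 0x501). The sample RTF is constructed for the demonstration; the heuristic flags any embedded OLE object, benign ones included, and does not detect the CVE itself, so treat a hit as a reason to quarantine or inspect, not as proof of exploitation.

```python
import re
from dataclasses import dataclass

OLE1_VERSION = 0x00000501  # OLEVersion field at the start of an OLE 1.0 ObjectHeader


@dataclass
class EmbeddedObject:
    kind: str          # "embedded", "linked", "autolink" or "unknown"
    obj_class: str     # value of \objclass, e.g. "Package" or "Word.Document.8"
    data_len: int      # decoded \objdata payload size in bytes
    ole1_header: bool  # payload begins with OLEVersion 0x501


def _group_at(text: str, start: int) -> str:
    """Return the brace-balanced RTF group that starts at text[start] == '{'.

    Escaped characters (\\{ and \\}) are skipped so they do not affect nesting.
    """
    depth = 0
    i = start
    while i < len(text):
        c = text[i]
        if c == "\\":
            i += 2  # skip the escaped/control character after a backslash
            continue
        if c == "{":
            depth += 1
        elif c == "}":
            depth -= 1
            if depth == 0:
                return text[start:i + 1]
        i += 1
    return text[start:]  # unterminated group: malformed RTF, return the rest


def find_ole_objects(rtf: str) -> list[EmbeddedObject]:
    """Extract every \\object group and summarise its embedded OLE payload."""
    objects = []
    for m in re.finditer(r"\{\\object\b", rtf):
        grp = _group_at(rtf, m.start())
        if r"\objemb" in grp:
            kind = "embedded"
        elif r"\objautlink" in grp:
            kind = "autolink"
        elif r"\objlink" in grp:
            kind = "linked"
        else:
            kind = "unknown"
        cls = re.search(r"\\objclass\s+([^}\\]*)", grp)
        obj_class = cls.group(1).strip() if cls else ""
        data = re.search(r"\\objdata\s*([^}]*)", grp)
        hexstr = re.sub(r"\s+", "", data.group(1)) if data else ""
        if len(hexstr) % 2:  # tolerate a truncated trailing nibble
            hexstr = hexstr[:-1]
        try:
            payload = bytes.fromhex(hexstr)
        except ValueError:
            payload = b""
        ole1 = len(payload) >= 4 and int.from_bytes(payload[:4], "little") == OLE1_VERSION
        objects.append(EmbeddedObject(kind, obj_class, len(payload), ole1))
    return objects


def triage(rtf: str) -> dict:
    """Summary a mail filter or analyst can act on: any embedded OLE object is flagged."""
    objs = find_ole_objects(rtf)
    return {
        "ole_objects": len(objs),
        "embedded": sum(o.kind == "embedded" for o in objs),
        "classes": sorted({o.obj_class for o in objs}),
        "suspicious": any(o.kind == "embedded" for o in objs),
    }


# Constructed sample: a harmless document body with one embedded "Package" object whose
# \objdata carries a minimal OLE 1.0 header (version 0x501, format 2 = embedded, class name).
SAMPLE_RTF = r"""{\rtf1\ansi\deff0
{\fonttbl{\f0 Calibri;}}
\f0\fs22 Quarterly report attached.\par
{\object\objemb\objw1440\objh1440{\*\objclass Package}{\*\objdata 010500000200000008000000
5061636b6167650000000000000000000000}}
\par}"""

if __name__ == "__main__":
    for o in find_ole_objects(SAMPLE_RTF):
        print(o)
    print(triage(SAMPLE_RTF))
```

Run it against a saved .rtf attachment by reading the file as text (RTF is 7-bit ASCII) and passing the string to `triage`; wire the `suspicious` flag into whatever quarantine or alerting step your mail pipeline already has.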