CVE-2024-21413
Published Feb 13, 2024
Last updated 6 months ago
AI description
CVE-2024-21413 is a remote code execution (RCE) vulnerability affecting Microsoft Outlook. It stems from improper input validation when Outlook processes URLs, particularly those using the `file://` protocol and crafted URL structures. This vulnerability, also known as the "MonikerLink" bug, allows attackers to bypass security protections, such as the Office Protected View, and execute arbitrary code on a victim's machine by sending a malicious email. The vulnerability can be triggered even when previewing a maliciously crafted email. Successful exploitation could lead to remote code execution, theft of NTLM credentials, data exfiltration, data encryption, installation of malware, and potential full system compromise. It affects various versions of Microsoft Outlook, including Microsoft Office 2016, 2019, 2021, and Microsoft 365 Apps.
- Description
- Microsoft Outlook Remote Code Execution Vulnerability
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- 365_apps, office_2016, office_2019, office_long_term_servicing_channel
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Microsoft Outlook Improper Input Validation Vulnerability
- Exploit added on
- Feb 6, 2025
- Exploit action due
- Feb 27, 2025
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-20
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/dDkNFlyWGq #tryhackme via @tryhackme
@HafzKhalil
9 May 2026
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/PnvhVuuh9S #tryhackme via @tryhackme
@mhmdalq02
8 May 2026
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I started the exploitation basics module on THM! (CVE-2024-21413) covers a vulnerability in Outlook that allowed attackers to bypass security by adding "!" to a file:// link in an email. Once clicked, it could steal your NTLM credentials. Metasploit is a powerful tool that http
@Ogechee_
6 May 2026
1694 Impressions
6 Retweets
60 Likes
6 Bookmarks
2 Replies
0 Quotes
CVE-2024-21413. Status: ✅ Confirmed exploited in the wild Date added: 2025-02-06 Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
@lyrie_ai
4 May 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/CuHhd3kwQu #tryhackme via @tryhackme
@CreamjamBird
22 Apr 2026
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/rFMHY02ffE #tryhackme via @tryhackme
@profession32384
20 Apr 2026
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/nFE31geDx0 #tryhackme via @tryhackme
@SangAlberto
17 Apr 2026
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/lIqPqz957i #tryhackme via @tryhackme
@DEDSEC0025
17 Apr 2026
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/Xhva2jW3rW #tryhackme через @tryhackme
@rickert155
10 Apr 2026
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/WjjSKgnGmo #tryhackme via @tryhackme
@ToheebDev
6 Apr 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
https://t.co/vJqqefVaec Microsoft Outlookにおいて、特定リンクをクリックするだけでリモートコード実行(RCE)が可能になる致命的な脆弱性(CVE-2024-21413)が報告されています。必ず最新のセキュリティ更新を適用してくだ
@Anti_Ch_PCgc
2 Apr 2026
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/LN7DqrjwDk #tryhackme via @tryhackme
@debmahato8967
25 Mar 2026
35 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Day 45: 🔗CVE-2024-21413 (Moniker Link): Diving deep into how a simple Outlook hyperlink can bypass Protected View to leak NTLM hashes or trigger RCE. 🛠️
@dheeraditya1
18 Mar 2026
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Outlook RCE CVE-2024-21413 (CVSS 9.8) is HOT! Malicious links exploit NTLM relay via preview pane for RCE. Think targeted phishing, but without a click. Exploit using Responder/Impacket. #Outlook #RCE #Cybersecurity https://t.co/BjeGzZHgIR
@computerauditor
17 Mar 2026
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/k0pdHWw7WT #tryhackme via @tryhackme
@Jasmin03897025
17 Mar 2026
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/87RysCQWhk #tryhackme via @tryhackme
@dronjx
16 Mar 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/6mcGNF0J6B #tryhackme via @tryhackme
@lerchmirko
14 Mar 2026
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/bT1Aoqvy7R
@Ryad3135
11 Mar 2026
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/96Zk5MF9yT #tryhackme via @tryhackme
@XaliqRagimli27
10 Mar 2026
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/7rjTiv9kYO #tryhackme via @tryhackme
@chuol_hoth
28 Feb 2026
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/UUeK4V6W0z #tryhackme via @tryhackme
@mgillanders
28 Feb 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/Eu6ilZW3mh #tryhackme via @tryhackme
@KuriJMandara
26 Feb 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/Eu6ilZVvwJ #tryhackme via @tryhackme
@KuriJMandara
26 Feb 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 [CRITICAL] APT29 OAuth Token Theft Campaign APT29 actively exploiting OAuth token theft t… 🔴 CVE: CVE-2024-21413 🕵️ APT: APT29 🏭 Sectors: finance, government #mysocAi #CyberSecurityusingAi #ThreatIntel #CVE202421413 🔗 https://t.co/1VmtnQVX6T
@MysocAi
23 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 [CRITICAL] APT29 OAuth Token Theft Campaign APT29 actively… 🔴 CVE: CVE-2024-21413 🕵️ APT: APT29 🏭 Sectors: finance, government #mysocAi #CyberSecurityusingAi #Vulnerability #Criticality #ThreatIntel #CVE202421413 🔗 https://t.co/1VmtnQVX6T
@MysocAi
23 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 [CRITICAL] APT29 Midnight Blizzard Active Campaign via OAuth Token Theft … 🔴 CVE: CVE-2024-21413, CVE-2024-20671 🕵️ APT: APT29 🏭 Sectors: finance, government #mysocAi #CyberSecurityusingAi #Vulnerability #Criticality #ThreatIntel #CyberSecurity #CVE202421413
@MysocAi
23 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/k8il1CJ4og #tryhackme via @tryhackme
@Mr_ajitsharma74
22 Feb 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/M3D111EzAJ #tryhackme @tryhackmeより
@Sirai_Tukuyomi
21 Feb 2026
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/ahRjmwCiSp #tryhackme via @tryhackme
@White_Crow017
20 Feb 2026
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Just learned how CVE-2024-21413 (Moniker Link vuln) works and it’s wild 🤯 Outlook renders HTML emails → attacker embeds a file:// link → adds a special ! trick → bypasses Protected View → Windows auto-authenticates via SMB → leaks NTLM hash 😬 No malware. Just a
@White_Crow017
20 Feb 2026
106 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Day 108 of learning Cybersecurity on TryHackMe, I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/J1ozAD0YTS #tryhackme via @tryhackme
@DGilcore
19 Feb 2026
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! An Outlook's vulnerability in 2024 that leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/J1ozAD0YTS #tryhackme via @tryhackme @ireteeh @Adanna_techie @AdePelumi15 https
@DGilcore
19 Feb 2026
85 Impressions
1 Retweet
2 Likes
1 Bookmark
1 Reply
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/jIq09hIs1e #tryhackme via @tryhackme
@lumentraaa
15 Feb 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/5Sy9eiWyvk #tryhackme via @tryhackme
@YMoriati42377
13 Feb 2026
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/t6qJmMgLNS #tryhackme via @tryhackme
@quek_guan
8 Feb 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/6xUmCMcDdm #tryhackme via @tryhackme
@Althaf1145
6 Feb 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The NTLM leak vulnerability (CVE-2024-21413): User receives email with link: file://attacker.com/share!\ User clicks. Windows: "Oh, a file share. Let me authenticate." Windows sends: Username + NTLM hash to attacker's server Attacker cracks hash offline One click. Full compromise
@SALIMASSILI2006
5 Feb 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! https://t.co/igg97EGdwm
@saaramhussnain
5 Feb 2026
58 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
1️⃣ One character bypasses Microsoft security CVE-2024-21413: Add ! to a file:// link in Outlook. User clicks. Windows automatically leaks NTLM credentials. No download. No warning. CVSS 9.8 = critical. One character = Entire network compromised. https://t.co/p3ljypv97E
@SALIMASSILI2006
3 Feb 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
One character can steal your password. Just ! in a file:// link = Windows leaks NTLM credentials. CVE-2024-21413 | CVSS 9.8 Small detail = Massive impact. This is why SOC analysts obsess over "minor" things. #CyberSecurity #SOCAnalyst #ThreatIntel https://t.co/YI8IKuDhuR
@SALIMASSILI2006
3 Feb 2026
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Happy new month 🎉 February is here and the grind continues. Wrapped up the Moniker Link module (CVE-2024-21413). Learned how Outlook can leak NTLM hashes via Moniker Links and how to defend against it. #Cybersecurity #LearningInPublic #TechJourney https://t.co/aYMQMi4qlx
@jeo_crypts
2 Feb 2026
55 Impressions
1 Retweet
2 Likes
0 Bookmarks
1 Reply
0 Quotes
📢 𝐇𝐨𝐭 𝐨𝐟𝐟 𝐭𝐡𝐞 𝐩𝐫𝐞𝐬𝐬: 𝐂𝐕𝐄 𝐢𝐧𝐬𝐢𝐠𝐡𝐭𝐬! Discover how UAC-0028 exploits CVE-2024-21413 in Outlook to steal credentials and bypass defenses, with CERT-UA insights and actionable mitigations. 🌐 Explore the
@PurpleOps_io
2 Feb 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/xXyriTmL53 #tryhackme via @tryhackme
@SultryIce
31 Jan 2026
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/yHnA3kLK5h #tryhackme via @tryhackme
@pooping4poops
30 Jan 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/0P3MEzDC6V #tryhackme via @tryhackme
@J3CHxP
27 Jan 2026
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/h0icCCtgXX #tryhackme via @tryhackme
@mallox_318
25 Jan 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/l5wmJlWHhw #tryhackme via @tryhackme
@MrKiyan404
22 Jan 2026
104 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Day 16: my journey on @tryhackme alongside @d4rk_intel > Moniker link Deep dive into CVE-2024-21413, Explored how crafted Outlook links bypass Protected View, enabling credential leaks and potential RCE, alongside detection and mitigation in a lab environment. #cybersecurit
@Azutech_
22 Jan 2026
349 Impressions
0 Retweets
7 Likes
0 Bookmarks
1 Reply
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/40iFhXR2Lq #tryhackme via @tryhackme
@RedionMeta
20 Jan 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/n70Qrl6uev #tryhackme via @tryhackme
@JayeshV88153533
19 Jan 2026
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2016:-:*:*:*:-:*:x64:*",
"matchCriteriaId": "45A9ECE7-F173-47AB-A420-0B6F64A04D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2016:-:*:*:*:-:*:x86:*",
"matchCriteriaId": "BF3B9F15-3077-4BC5-9EC5-7416A9FBDC70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "241CDE2B-ABD0-4EFF-8D73-1766E32FA20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "14D63E3F-A431-4DD8-979F-811E8DAC423D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*",
"matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]