CVE-2024-21413
Published Feb 13, 2024
Last updated 3 months ago
AI description
CVE-2024-21413 is a remote code execution (RCE) vulnerability affecting Microsoft Outlook. It stems from improper input validation when Outlook processes URLs, particularly those using the `file://` protocol and crafted URL structures. This vulnerability, also known as the "MonikerLink" bug, allows attackers to bypass security protections, such as the Office Protected View, and execute arbitrary code on a victim's machine by sending a malicious email. The vulnerability can be triggered even when previewing a maliciously crafted email. Successful exploitation could lead to remote code execution, theft of NTLM credentials, data exfiltration, data encryption, installation of malware, and potential full system compromise. It affects various versions of Microsoft Outlook, including Microsoft Office 2016, 2019, 2021, and Microsoft 365 Apps.
- Description
- Microsoft Outlook Remote Code Execution Vulnerability
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- 365_apps, office_2016, office_2019, office_long_term_servicing_channel
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Microsoft Outlook Improper Input Validation Vulnerability
- Exploit added on
- Feb 6, 2025
- Exploit action due
- Feb 27, 2025
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-20
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
1️⃣ One character bypasses Microsoft security CVE-2024-21413: Add ! to a file:// link in Outlook. User clicks. Windows automatically leaks NTLM credentials. No download. No warning. CVSS 9.8 = critical. One character = Entire network compromised. https://t.co/p3ljypv97E
@SALIMASSILI2006
3 Feb 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
One character can steal your password. Just ! in a file:// link = Windows leaks NTLM credentials. CVE-2024-21413 | CVSS 9.8 Small detail = Massive impact. This is why SOC analysts obsess over "minor" things. #CyberSecurity #SOCAnalyst #ThreatIntel https://t.co/YI8IKuDhuR
@SALIMASSILI2006
3 Feb 2026
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Happy new month 🎉 February is here and the grind continues. Wrapped up the Moniker Link module (CVE-2024-21413). Learned how Outlook can leak NTLM hashes via Moniker Links and how to defend against it. #Cybersecurity #LearningInPublic #TechJourney https://t.co/aYMQMi4qlx
@jeo_crypts
2 Feb 2026
55 Impressions
1 Retweet
2 Likes
0 Bookmarks
1 Reply
0 Quotes
📢 𝐇𝐨𝐭 𝐨𝐟𝐟 𝐭𝐡𝐞 𝐩𝐫𝐞𝐬𝐬: 𝐂𝐕𝐄 𝐢𝐧𝐬𝐢𝐠𝐡𝐭𝐬! Discover how UAC-0028 exploits CVE-2024-21413 in Outlook to steal credentials and bypass defenses, with CERT-UA insights and actionable mitigations. 🌐 Explore the
@PurpleOps_io
2 Feb 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/xXyriTmL53 #tryhackme via @tryhackme
@SultryIce
31 Jan 2026
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/yHnA3kLK5h #tryhackme via @tryhackme
@pooping4poops
30 Jan 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/0P3MEzDC6V #tryhackme via @tryhackme
@J3CHxP
27 Jan 2026
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/h0icCCtgXX #tryhackme via @tryhackme
@mallox_318
25 Jan 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/l5wmJlWHhw #tryhackme via @tryhackme
@MrKiyan404
22 Jan 2026
104 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Day 16: my journey on @tryhackme alongside @d4rk_intel > Moniker link Deep dive into CVE-2024-21413, Explored how crafted Outlook links bypass Protected View, enabling credential leaks and potential RCE, alongside detection and mitigation in a lab environment. #cybersecurit
@Azutech_
22 Jan 2026
349 Impressions
0 Retweets
7 Likes
0 Bookmarks
1 Reply
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/40iFhXR2Lq #tryhackme via @tryhackme
@RedionMeta
20 Jan 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/n70Qrl6uev #tryhackme via @tryhackme
@JayeshV88153533
19 Jan 2026
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/9dCBQQsCyk #tryhackme via @tryhackme
@genius_157
19 Jan 2026
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Day 14: Moniker Link (CVE-2024-21413) > @tryhackme Today, I took out time to learn about the Moniker Link vulnerability > explored how it's exploited, detected, and fixed. Great to be back in the groove! #OSINT #Cybersecurity https://t.co/LIJx09QEhU
@d4rk_intel
17 Jan 2026
738 Impressions
1 Retweet
13 Likes
3 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/US7q3Y4PPk #tryhackme via @tryhackme
@L30_N30_THM
17 Jan 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
MONIKER LINK _CVE-2024-21413(DEMO) CAPTURING NTLM HASH VIA HYPERLINK INJECTION TOOL:RESPONDER https://t.co/v1I1mtoLPK
@h4ruk7
14 Jan 2026
638 Impressions
0 Retweets
10 Likes
5 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/kdGmfz1cBy #tryhackme via @tryhackme
@thisguycanhack
11 Jan 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Day 10: Completed Moniker Link (CVE-2024-21413) on TryHackMe. Explored how this Windows shortcut vulnerability can be abused to bypass security protections and enable malicious code execution. @purpullgirl #TryHackMe #HandsOn #CyberSecurity https://t.co/3Qvqe04rSd
@Aboda_lateria
11 Jan 2026
130 Impressions
1 Retweet
7 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/6OoOdgvUKm #tryhackme via @tryhackme
@fwdFLASH
11 Jan 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/LFKT7KHxDz #tryhackme via @tryhackme #tryhackme #CVE #leakcredentials #learning
@LittleSun4lower
10 Jan 2026
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe! Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/QY0l0OLzhN #tryhackme via @tryhackme
@CyberKoroc
10 Jan 2026
75 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#Day 2 of my #ZeroToProHacker journey. Today I learned what Moniker Link (CVE-2024-21413) is and how it can be used to capture NetNTLMv2 hashes by sending a crafted link that forces the victim to authenticate to an attacker-controlled SMB share https://t.co/l2ppfCJb9b
@JaatYogesh57183
5 Jan 2026
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-21413 breakdown: Outlook + file:// link + ! character = NTLM credential leak. No download. No malware. Just one click. Windows automatically tries to authenticate to the attacker's server. Credentials sent. This is why security isn't about "big vulnerabilities." https://
@SALIMASSILI2006
4 Jan 2026
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. https://t.co/eBUehYQIq0 #tryhackme via @tryhackme
@AhmedZerocool
2 Jan 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/BanSFr7u6X #tryhackme via @tryhackme
@CHIKA_DIBIA24
27 Dec 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/OTwhrggLxr #tryhackme via @tryhackme
@gpmohanraj_2003
22 Dec 2025
64 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/lwvEaiiCj1 #tryhackme via @tryhackme
@VoiceJustdoit
15 Dec 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/ua61gJ8gHv #tryhackme via @tryhackme
@BroodaShah
12 Dec 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#RaiseTech #tryhackme 🌟2025.12.06(夜) 《THM》DAY12:Moniker Link (CVE-2024-21413):1時間 ✍感想 ・Outlookで、リンクをクリックしての脆弱性(PoC)について学びました。 ・定期的にアップデートを心掛ける。 ・Pythonは
@akky743793
6 Dec 2025
89 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
#100DaysOfCybersecurity Day 4/100: My Security + exam is next Monday! - Did 25 questions for my upcoming Security + exam from Dark Bird Tech Channel on Youtube - TryHackMe: Finished Moniker Link (CVE-2024-21413) room from CyberSecurity 101 path and AI in Security - old
@thecybernovice
4 Dec 2025
8 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/jxI0rtja03 #tryhackme via @tryhackme #CyberSecurity #tryhackme
@SALIMASSILI2006
3 Dec 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
برای outlook آسیب پذیری با کد شناسایی CVE-2024-21413 از نوع RCE منتشر شده است که به هکرها امکان اجرای کد روی سیستم آسیب پذیر از طریق دستکاری ایمیل را می دهد. این آسیب پذ
@AmirHossein_sec
2 Dec 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Confirmado: PoC liberado + explotación activa del RCE en Outlook (CVE-2024-21413). Riesgo máximo: robo de NTLM y control total del sistema. Parchear es urgente. En LUER te ayudamos. #Ciberseguridad #Outlook #RCE https://t.co/qmsokZd4iQ
@Luer_CS
2 Dec 2025
81 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Ya existe un exploit público para un fallo crítico de Outlook Microsoft corrigió hace meses una vulnerabilidad muy grave en Outlook (CVE-2024-21413, severidad 9.8). Ahora apareció un PoC público: código que demuestra cómo explotarla. Cuando eso pasa otros actore
@CycuraMX
1 Dec 2025
8116 Impressions
39 Retweets
128 Likes
58 Bookmarks
2 Replies
0 Quotes
Outlookの遠隔コード実行脆弱性MonikerLink (CVE-2024-21413)に対応するPoC(攻撃の概念実証コード)が公表された。OulookのプレビューペインからゼロクリックでNTLMハッシュを抜ける。 https://t.co/gORtmBe6Bt
@__kokumoto
1 Dec 2025
1076 Impressions
2 Retweets
3 Likes
5 Bookmarks
0 Replies
0 Quotes
A Proof-of-Concept (PoC) exploit code has been released for a critical remote code execution (RCE) vulnerability in Microsoft Outlook, identified as CVE-2024-21413. #cybersecurity https://t.co/yvuT426D1S
@dan_covic
1 Dec 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 PoC Exploit Released For Outlook 0-Click Remote Code Execution Vulnerability Source: https://t.co/zpeuGMQuHa A Proof-of-Concept (PoC) exploit code has been released for a critical remote code execution (RCE) vulnerability in Microsoft Outlook, identified as CVE-2024-21413
@The_Cyber_News
1 Dec 2025
30338 Impressions
129 Retweets
363 Likes
192 Bookmarks
6 Replies
0 Quotes
Outlookの深刻なRCE脆弱性を悪用するPoCが公開され、保護ビューをすり抜けてコード実行や認証情報漏えいを招く攻撃手法が明らかになった。クリックだけで被害に至る可能性があるため警戒が必要だ。 問題のC
@yousukezan
1 Dec 2025
10125 Impressions
29 Retweets
90 Likes
57 Bookmarks
0 Replies
5 Quotes
GitHub - mmathivanan17/CVE-2024-21413: Outlook exploitation https://t.co/rm5h2PquJ7
@akaclandestine
30 Nov 2025
1910 Impressions
8 Retweets
22 Likes
9 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/IBtyxaJ3ev #tryhackme via @tryhackme @ireteeh
@bajboybountyII
27 Nov 2025
84 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/buqo7zYsOU #tryhackme via @tryhackme
@AdamNugent28159
26 Nov 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I completed the Moniker Link (CVE-2024-21413) room on TryHackMe, where I learned how the vulnerability works, how it bypasses Outlook’s Protected View, and how it can be used to leak user credentials https://t.co/MY5MhXOGJt #tryhackme via @tryhackme
@omo_aremu_
26 Nov 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/jF4kHDHiVW #tryhackme via @tryhackme
@Ezekieluche_
25 Nov 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/hqqd207JHR #tryhackme via @tryhackme
@Martinko228O
25 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/MKME4nuYNW #tryhackme @tryhackmeより
@GrapheneHackSec
25 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/QVMfDrtaeH #tryhackme via @tryhackme
@0xTreasureSec
23 Nov 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/1K9slMn9qQ #tryhackme via @tryhackme
@terrorCHrist
23 Nov 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View. https://t.co/NH4KSXymnD #tryhackme via @tryhackme
@0xiv4n
16 Nov 2025
64 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#tryhackme「Moniker Link (CVE-2024-21413)」ルームをクリアしました! 簡単なHTMLリンクがどのようにしてOutlookの保護ビューを回避し、SMB経由でNTLMv2ハッシュを漏洩するのかを知ることができました。 https://t.co/bP0NO1YeMH
@vivi_cyber
16 Nov 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Moniker Link (CVE-2024-21413) room on TryHackMe. It was really interesting to learn how a simple HTML hyperlink could bypass Outlook’s Protected View and leak NTLMv2 hashes through SMB. https://t.co/bP0NO1YeMH #tryhackme via @tryhackme #CybersecurityTraining
@vivi_cyber
16 Nov 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D"
},
{
"criteria": "cpe:2.3:a:microsoft:office_2016:-:*:*:*:-:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "45A9ECE7-F173-47AB-A420-0B6F64A04D21"
},
{
"criteria": "cpe:2.3:a:microsoft:office_2016:-:*:*:*:-:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "BF3B9F15-3077-4BC5-9EC5-7416A9FBDC70"
},
{
"criteria": "cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "241CDE2B-ABD0-4EFF-8D73-1766E32FA20F"
},
{
"criteria": "cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "14D63E3F-A431-4DD8-979F-811E8DAC423D"
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"
}
],
"operator": "OR"
}
]
}
]