Outlook Unleashing RCE Chaos: CVE-2024-30103 & CVE-2024-38021

Presented at DEF CON 32 (2024), Aug. 9, 2024, 4 p.m. (45 minutes).

Did you ever receive an empty email and immediately think it might be a reconnaissance attack? What if opening such an email in your Outlook client could trigger remote code execution through an invisible form? Yes, all forms are COM objects, and CVE-2024-21378 has flung open the gates to Outlook RCE chaos. In our session, "Outlook Unleashing RCE Chaos: CVE-2024-30103", we'll dive into how this seemingly innocuous vulnerability can lead to mayhem. This vulnerability paved the way for us to discover a series of new remote code execution vulnerabilities in Outlook, including CVE-2024-30103. But we're not stopping there. Additionally, we'll uncover other vulnerabilities that can cause NTLM leaks from your domain-joined devices. So, how did we get here? Join us as we construct an evolution timeline of this attack surface. From the origins of these exploits to their current incarnations, we'll cover it all. And because we believe in building a safer digital world, we'll conclude with specific, actionable recommendations on how to minimize these threats.

References:

  1. https://www.netspi.com/blog/technical-blog/red-team-operations/microsoft-outlook-remote-code-execution-cve-2024-21378/
  2. https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
  3. https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api
  4. https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
  5. https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/
  6. https://sensepost.com/blog/2017/outlook-forms-and-shells/

Presenters:

  • Michael Gorelik - Founder at Morphisec
    Michael has amassed over twenty years of experience in the cybersecurity industry, with a decade at Morphisec where he pioneered Moving Target Defense within Endpoint Security. Prior to founding Morphisec, he collaborated on numerous security projects with Deutsche Telekom and Ben-Gurion University laboratories. His expertise spans roles as a reverser, malware researcher, penetration tester, and vulnerability researcher. Michael holds more than seven patents and a Master of Science degree in Computer Science from Ben-Gurion University, Israel. He has worked with the FBI on several significant cybersecurity cases and identified critical privilege escalation exploits in various endpoint security vendors. Michael is a seasoned speaker at industry conferences and led his team to uncover one of the largest supply chain attacks, the CCleaner incident.
  • Arnold Osipov - Distinguished Malware Researcher at Morphisec
    Arnold is a distinguished malware researcher at Morphisec, renowned for discovering new categories of malware, including the Jupyter and Chaos info stealers among others. His groundbreaking work has significantly advanced understanding and mitigation of emerging malware threats. Arnold has presented his findings at various BSides events throughout Europe, establishing himself as a knowledgeable and engaging speaker. His research continues to push the boundaries of cybersecurity, enhancing both Morphisec’s capabilities and the broader security landscape.