Outlook security vulnerability: Microsoft reports 3 hacker attacks in February 2024

We already reported on the CVE-2024-21413 vulnerability in Microsoft Outlook in our previous news article. Shortly after this incident, Microsoft reported two further hacker attacks in February. The first was a critical vulnerability in the Outlook Exchange server, which was exploited as a zero-day. The second was a Windows Defender bug that allowed the already known criminal group “Water Hydra Group” to inject a Trojan.

On 14.02. Microsoft announced in a security advisory that a critical vulnerability in Exchange Server had been exploited for a large-scale zero-day attack. The vulnerability is named CVE-2024-21410 and was fixed as part of Patch Tuesday in February.

The vulnerability allowed attackers to take control of a network device and authenticate themselves as an authorized user to an NTLM relay server. This made it possible to extend the rights and carry out operations on the Exchange server on behalf of the victim.

Official announcement from Microsoft: CVE-2024-21410 – Security Update Guide – Microsoft – Privilege escalation vulnerability in Microsoft Exchange Server

The Water Hydra Group exploited a Microsoft vulnerability(CVE-2023-36025), which was actually patched in November 2023 and allowed Windows security queries to be bypassed when opening URL files. The vulnerability was then exploited to install the malware Phemedrone, which was designed to steal information from users.

This zero-day vulnerability has now been used again by the Water Hydra Group to carry out attacks on financial market players who trade with high stakes on the foreign exchange market. The aim was to steal data or use ransomware at a later date.

The hackers of the Water Hydra Group have already exploited zero-day vulnerabilities in the past, e.g. in the WinRAR software, which has over 500 million users. The cyber criminals attempted to compromise trading accounts with this action.

Official announcement from Microsoft: CVE-2023-36025 – Security Update Guide – Microsoft – Security feature bypass vulnerability in Windows SmartScreen

Microsoft software, especially the Outlook email service, is a popular target for cybercriminals, as the Office package is used by the majority of private individuals and companies worldwide. This is accompanied by the expectation of many people that products manufactured by Microsoft must automatically have a high level of security. However, this is only partially true.

Although Microsoft’s security precautions are by no means inadequate, the company is not a proven email security expert, for example, but an all-rounder in many areas. How the EOP (Exchange Online Protection) anti-spam software integrated in Outlook protects you users from the majority of threats such as phishing, malware and ransomware. However, companies in particular need more far-reaching protection for their email communication in order to adequately safeguard themselves against cyber attacks and data theft.

Here are three examples of risks that you should be aware of when using Microsoft Outlook.

Microsoft advertises a spam detection rate of 99% for its e-mail security service EOP. Specialized e-mail security solutions, on the other hand, achieve peak values of up to over 99.99%. A clear difference when you consider the daily flood of emails in companies.

In the German terms of use, Microsoft only guarantees the defense against spam in German or English.

Zero-day attacks are new types of spam that cannot be identified at the time of the attack – at least not by conventional anti-spam software such as Microsoft EOP. The risk of (as yet) unknown viruses, which can quickly put companies’ internal IT systems to the test, is correspondingly high.