Microsoft Outlook has a critical vulnerability, identified as CVE-2024-30103, which allows malicious code to be executed when an email is opened. This vulnerability enables remote code execution through maliciously injected Outlook Forms.
The vulnerability, discovered by Morphisec researchers, stems from a flaw in Outlook's allow-listing mechanism, which failed to validate form server properties properly. Attackers can manipulate registry paths using special characters such as backslashes, bypassing the security check and triggering the instantiation of a malicious form server executable.
The key to this exploit is the Windows API function RegCreateKeyExA, which removes trailing backslashes from key names. By manipulating registry paths, attackers can point to malicious executables that are automatically instantiated when a specially crafted email is opened in Outlook.
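The weakness described above is a canonicalization mismatch: the policy check compares the raw key name while the registry API normalizes it by stripping trailing backslashes, so the two sides disagree about which key is being opened. The following is an added illustration, not code from the article or from Outlook; the denylist entries and probe names are constructed placeholders, and the normalization is a toy model of the behaviour the article attributes to RegCreateKeyExA, shown beside the corrected pattern that compares canonical forms.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed denylist of form-server key names (placeholders, not the
 * real entries from Outlook's policy). */
static const char *const DENIED[] = { "BLOCKED_SERVER_A", "BLOCKED_SERVER_B" };
#define DENIED_COUNT (sizeof DENIED / sizeof DENIED[0])

/* Length of the key name once trailing backslashes are removed, mirroring
 * the normalization the article attributes to RegCreateKeyExA: the registry
 * treats "NAME\\" and "NAME" as the same key. */
size_t canonical_key_len(const char *name) {
    size_t n = strlen(name);
    while (n > 0 && name[n - 1] == '\\')
        n--;
    return n;
}

/* Flawed pattern: the policy compares the raw string, so a name that differs
 * only by a trailing backslash is not recognised as denied even though the
 * registry will resolve it to the denied key. */
bool is_denied_raw(const char *name) {
    for (size_t i = 0; i < DENIED_COUNT; i++)
        if (strcmp(DENIED[i], name) == 0)
            return true;
    return false;
}

/* Hardened pattern: canonicalise both sides before comparing, so the policy
 * decision is made on the same key the registry will actually open. */
bool is_denied_canonical(const char *name) {
    size_t n = canonical_key_len(name);
    for (size_t i = 0; i < DENIED_COUNT; i++)
        if (canonical_key_len(DENIED[i]) == n && strncmp(DENIED[i], name, n) == 0)
            return true;
    return false;
}

int main(void) {
    const char *probe = "BLOCKED_SERVER_A\\";   /* constructed input */
    printf("raw check denies:       %s\n", is_denied_raw(probe) ? "yes" : "no");
    printf("canonical check denies: %s\n", is_denied_canonical(probe) ? "yes" : "no");
    return 0;
}
```

The toy ignores other registry normalization rules (for example, key names are case-insensitive on Windows); a production check must canonicalize every rule the lookup applies, not just trailing separators.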
Microsoft has released a patch for CVE-2024-30103, which revises its allow-listing matching algorithm and updates the denylist to prevent remote code execution attacks. While this patch addresses the immediate vulnerability, it’s essential for organizations to remain vigilant and apply regular security patches and follow best practices to protect against potential exploits.
Source: https://cybersecuritynews.com/0-click-outlook-vulnerability/