CVE-2024-20670

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Apr 9, 2024
Updated: Jan 8, 2025
CWE ID 20

Summary

CVE-2024-20670 is a newly disclosed spoofing vulnerability affecting Outlook for Windows. Attackers can exploit this issue to manipulate email addresses in the display name, potentially deceiving users into revealing sensitive information or downloading malicious content. This vulnerability poses a significant risk to organizations and individuals who rely on Outlook for email communication. Microsoft is currently working on a patch to address this issue and users are encouraged to apply it as soon as it becomes available. Until then, it is recommended to exercise caution when opening emails from unfamiliar sources and to verify email addresses before taking any action.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Office Outlook

Affected Vendors

  • Microsoft