Microsoft fixes dangerous zero-click Outlook remote code execution exploit

“An attacker who successfully exploited this vulnerability could bypass Outlook registry block lists and enable the creation of malicious DLL files,” the company said.

The arbitrary code execution occurs with the privileges of the current user, so, in order to fully take over a system, attackers would have to combine it with a privilege escalation flaw. The researchers who found this vulnerability claim to have found a second one that will be included in their DEF CON presentation, but which has not been patched yet.

Attackers have exploited Outlook vulnerabilities before in the wild, as email is the primary vector for distributing malware. Even APT groups have exploited Outlook flaws before including zero-click ones.