Did you ever receive an empty email and immediately think it might be a reconnaissance attack? What if opening such an email in your Outlook client could trigger remote code execution through an invisible form? Yes, all forms are COM objects, and CVE-2024-21378 has flung open the gates to Outlook RCE chaos.

In our session, “Outlook Unleashing RCE Chaos: CVE-2024-30103” we’ll dive into how this seemingly innocuous vulnerability can lead to mayhem. This vulnerability paved the way for us to discover a series of new remote code execution vulnerabilities in Outlook, including CVE-2024-30103. But we’re not stopping there.

Additionally, we’ll uncover other vulnerabilities that can cause NTLM leaks from your domain-joined devices.

So, how did we get here? Join us as we construct an evolution timeline of this attack surface. From the origins of these exploits to their current incarnations, we’ll cover it all. And because we believe in building a safer digital world, we’ll conclude with specific, actionable recommendations on how to minimize these threats.

Did you ever receive an empty email and immediately think it might be a reconnaissance attack? What if opening such an email in your Outlook client could trigger remote code execution through an invisible form? Yes, all forms are COM objects, and CVE-2024-21378 has flung open the gates to Outlook RCE chaos.

In our session, “Outlook Unleashing RCE Chaos: CVE-2024-30103” we’ll dive into how this seemingly innocuous vulnerability can lead to mayhem. This vulnerability paved the way for us to discover a series of new remote code execution vulnerabilities in Outlook, including CVE-2024-30103. But we’re not stopping there.

Additionally, we’ll uncover other vulnerabilities that can cause NTLM leaks from your domain-joined devices.

So, how did we get here? Join us as we construct an evolution timeline of this attack surface. From the origins of these exploits to their current incarnations, we’ll cover it all. And because we believe in building a safer digital world, we’ll conclude with specific, actionable recommendations on how to minimize these threats.

Did you ever receive an empty email and immediately think it might be a reconnaissance attack? What if opening such an email in your Outlook client could trigger remote code execution through an invisible form? Yes, all forms are COM objects, and CVE-2024-21378 has flung open the gates to Outlook RCE chaos.

In our session, “Outlook Unleashing RCE Chaos: CVE-2024-30103” we’ll dive into how this seemingly innocuous vulnerability can lead to mayhem. This vulnerability paved the way for us to discover a series of new remote code execution vulnerabilities in Outlook, including CVE-2024-30103. But we’re not stopping there.

Additionally, we’ll uncover other vulnerabilities that can cause NTLM leaks from your domain-joined devices.

So, how did we get here? Join us as we construct an evolution timeline of this attack surface. From the origins of these exploits to their current incarnations, we’ll cover it all. And because we believe in building a safer digital world, we’ll conclude with specific, actionable recommendations on how to minimize these threats.