A DEF CON 32 conference talk explores the critical security vulnerability CVE-2024-30103 in Microsoft Outlook, demonstrating how seemingly harmless empty emails can trigger remote code execution through invisible forms. Dive into the technical analysis of how COM objects in forms create security gaps, leading to the discovery of multiple remote code execution vulnerabilities. Learn about additional security issues causing NTLM leaks from domain-joined devices, and follow the evolution timeline of this attack surface from its origins to current manifestations. Through detailed demonstrations and patch analysis, understand the role of monikers and form registration in these exploits. Gain practical, actionable recommendations for minimizing these security threats and protecting against potential attacks. The presentation includes live demonstrations and in-depth technical explanations of the vulnerability's mechanics, making it valuable for security professionals and system administrators responsible for maintaining secure email environments.
Overview
Syllabus
Introduction
Forms
Form Registration
Relative Path
Demo
Patch
What are monikers
Patch analysis
Taught by
DEFCONConference