CVE-2024-42220

7.1 HIGH

📋 TL;DR

A library injection vulnerability in Microsoft Outlook for macOS allows malicious applications to inject code and leverage Outlook's permissions, potentially bypassing security controls. This affects users running Outlook 16.83.3 on macOS systems where malicious applications can execute.

💻 Affected Systems

Products:
  • Microsoft Outlook
Versions: 16.83.3
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a malicious application to be present on the system and able to inject libraries into Outlook processes.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of Outlook's permissions allowing unauthorized access to email data, contacts, and system resources, potentially leading to data exfiltration or further system compromise.

🟠

Likely Case

Limited privilege escalation where a malicious application gains access to Outlook's data and functionality without proper authorization.

🟢

If Mitigated

Minimal impact if proper application sandboxing and security controls prevent malicious library injection.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access or ability to run malicious applications on the target system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft security updates for patched version

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-42220

Restart Required: Yes

Instructions:

1. Open Microsoft AutoUpdate
2. Check for updates
3. Install available Outlook updates
4. Restart Outlook

🔧 Temporary Workarounds

Restrict application execution

macOS

Use macOS Gatekeeper and application whitelisting to prevent unauthorized applications from running.

sudo spctl --master-enable
sudo spctl --enable --label "Developer ID"

🧯 If You Can't Patch

  • Implement strict application control policies to prevent unauthorized applications from executing
  • Monitor for suspicious library injection attempts using endpoint detection tools

🔍 How to Verify

Check if Vulnerable:

Check the Outlook version in the About Outlook dialog, or read it from the application bundle: defaults read "/Applications/Microsoft Outlook.app/Contents/Info.plist" CFBundleShortVersionString

Check Version:

defaults read "/Applications/Microsoft Outlook.app/Contents/Info.plist" CFBundleShortVersionString

Verify Fix Applied:

Verify Outlook version is updated beyond 16.83.3 and check Microsoft security update logs

📡 Detection & Monitoring

Log Indicators:

  • Unexpected library loads in Outlook process
  • Suspicious application launches

Network Indicators:

  • Unusual Outlook process network connections

SIEM Query:

process_name:"Outlook" AND event_type:"library_load" AND library_path NOT IN [expected_libraries]
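
The query above leaves [expected_libraries] undefined. The following added example (not part of the original advisory) shows one way to apply the same filter offline, treating the expected set as an allowlist of directory prefixes and normalising paths before matching. The prefix list and the sample events are constructed assumptions; the field names are taken from the query.

```python
import json
import posixpath

# Assumed allowlist: directory prefixes Outlook is expected to load code from.
EXPECTED_PREFIXES = (
    "/Applications/Microsoft Outlook.app/",
    "/System/Library/",
    "/usr/lib/",
)

# Constructed sample events; field names follow the SIEM query above.
SAMPLE_EVENTS = """\
{"process_name": "Outlook", "event_type": "library_load", "library_path": "/usr/lib/libobjc.A.dylib"}
{"process_name": "Outlook", "event_type": "library_load", "library_path": "/Applications/Microsoft Outlook.app/Contents/Frameworks/Example.framework/Example"}
{"process_name": "Outlook", "event_type": "library_load", "library_path": "/Users/alice/Library/Caches/helper.dylib"}
{"process_name": "Outlook", "event_type": "library_load", "library_path": "/usr/lib/../../private/tmp/x.dylib"}
{"process_name": "Safari", "event_type": "library_load", "library_path": "/private/tmp/y.dylib"}
{"process_name": "Outlook", "event_type": "process_start", "library_path": ""}
not json
"""

def is_expected(path):
    """True only for absolute paths that normalise to an allowlisted prefix."""
    if not path.startswith("/"):
        return False  # relative or empty path: treat as unexpected
    norm = posixpath.normpath(path)  # collapses ".." so prefixes cannot be spoofed
    return any(norm.startswith(prefix) for prefix in EXPECTED_PREFIXES)

def unexpected_loads(lines):
    """Return library paths loaded by Outlook from outside the allowlist."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the scan
        if not isinstance(event, dict) or event.get("process_name") != "Outlook":
            continue
        if event.get("event_type") != "library_load":
            continue
        path = str(event.get("library_path") or "")
        if not is_expected(path):
            hits.append(path)
    return hits

if __name__ == "__main__":
    for hit in unexpected_loads(SAMPLE_EVENTS.splitlines()):
        print("ALERT unexpected library in Outlook:", hit)
```

Matching on the normalised path is what catches the fourth sample event, whose raw string begins with an allowlisted prefix but resolves outside it.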
