A newly discovered critical security flaw in Microsoft Exchange Server has been actively exploited and is being tracked as CVE-2024-21410, with a CVSS score 9.8. The issue has been described as a case of privilege escalation impacting the Exchange Server.
A significant critical security issue in Outlook tracked as CVE-2024-21413 refers to a Remote Code Execution (RCE) vulnerability that exploits the Microsoft Outlook preview pane as an attack vector. Successful exploitation of this vulnerability would enable an attacker to bypass the Office Protected View and open in editing mode instead of protected mode. This vulnerability has a CVSS score of 9.8.