Outlook Vulnerability CVE-2017-11774 Still Exploitable Despite Patch

29 Jul 2024

Microsoft Outlook has recently emerged as a potential vector for remote code execution, thanks to a new post-exploitation framework named Specula, unveiled by cybersecurity firm TrustedSec. This innovative command-and-control (C2) framework exploits a vulnerability in Outlook, specifically CVE-2017-11774, which is a security feature bypass that was patched back in October 2017.

Exploiting the Vulnerability

According to Microsoft, the vulnerability can be exploited in a file-sharing attack scenario. An attacker could craft a malicious document file designed to take advantage of this flaw and persuade users to open and interact with it. Despite Microsoft’s efforts to mitigate the risk by removing the user interface for displaying Outlook home pages, attackers have found a way to create harmful home pages through Windows Registry values. This is particularly concerning for systems running the latest Office 365 builds.

TrustedSec elaborates that Specula operates entirely within Outlook’s context. By setting a custom Outlook home page through registry keys, it can connect to an interactive Python web server. Non-privileged threat actors can manipulate Outlook’s WebView registry entries located at HKEYCURRENTUSERSoftwareMicrosoftOffice16.0OutlookWebView to point to an external website under their control.

The attacker-controlled Outlook home page is engineered to serve custom VBScript files, enabling the execution of arbitrary commands on compromised Windows systems. TrustedSec noted, “We have been able to leverage this specific channel for initial access in hundreds of clients despite the existing knowledge and preventions available for this technique.”

When a custom home page is established via the outlined registry keys, Outlook will download and display the HTML page instead of the usual mailbox elements such as inbox or calendar. This allows the execution of VBScript or JScript within a privileged context, granting nearly full access to the local system as if using cscript or wscript.exe.

Although a device must first be compromised to set the Outlook Registry entry, once established, this technique can be utilized for persistence and lateral movement across other systems. Given that outlook.exe is a trusted process, it facilitates evasion of existing security measures as commands are executed seamlessly.

This vulnerability is not new; U.S. Cyber Command (US CyberCom) had previously warned about the risks associated with CVE-2017-11774, which was exploited to target U.S. government agencies. Security researchers from Chronicle, FireEye, and Palo Alto Networks later associated these attacks with the Iranian-sponsored APT33 cyber espionage group.

FireEye cybersecurity researchers noted, “FireEye first observed APT34 use CVE-2017-11774 in June 2018, followed by adoption by APT33 for a significantly broader campaign beginning in July 2018 and continuing for at least a year.”

Why can't I log into Microsoft Outlook?

There are several reasons why you might not be able to log into Microsoft Outlook. Common issues include incorrect login credentials (username or password), internet connectivity problems, outdated application versions, account lockouts due to multiple incorrect login attempts, or issues with the Outlook server. It's also possible that your account has been compromised or temporarily suspended. Ensure you are entering the correct credentials, check your internet connection, and try resetting your password if necessary.

How do I add my signature on Microsoft Outlook?

To add a signature in Microsoft Outlook, follow these steps: 1. Open Outlook and go to the 'File' menu. 2. Select 'Options' and then 'Mail'. 3. Click on 'Signatures'. 4. In the 'Email Signature' tab, click 'New' and enter a name for your signature. 5. In the 'Edit signature' box, type the text you want to include in the signature. You can also format the text, add images or links. 6. Choose the default signature settings for new messages and replies/forwards if needed. 7. Click 'OK' to save your signature.

Update: 29 Jul 2024

Regain Outlook PST Converter

Regain Outlook PST Converter download for free to PC or mobile

Latest update Regain Outlook PST Converter download for free for Windows PC or Android mobile

4
799 reviews
3786 downloads

News and reviews about Regain Outlook PST Converter

Regain Outlook PST Converter photo 1

04 May 2025

Outlook Enhances Productivity with Seamless Integration

Outlook's native applications and seamless integration with Microsoft ecosystem elevate productivity. Discover how its Focused Inbox and integrated calendars foster a clutter-free, streamlined email experience.

Read more
Regain Outlook PST Converter photo 2

29 Jul 2024

Outlook Vulnerability CVE-2017-11774 Still Exploitable Despite Patch

Microsoft Outlook's CVE-2017-11774 vulnerability allows remote code execution via the Specula framework. Despite a 2017 patch, it remains exploitable in file-sharing attacks. Attackers can manipulate WebView registry entries, enabling arbitrary command execution and persistence across systems.

Read more
Regain Outlook PST Converter photo 3

10 Jul 2024

Microsoft Announces Key Updates for Teams, Outlook, and Forms Users

Microsoft Teams will enhance performance for Edge and Chrome users starting August and October, respectively. New features include breakout room selection, bidirectional translation in Teams Live Interpretation, and a CTRL + Y shortcut in Outlook. Microsoft Forms adds quiz solutions and answer validation.

Read more
All Regain Outlook PST Converter news and updates