In a world where cyber threats are increasing and constantly evolving, each new security flaw represents a potential breach with devastating consequences. In January 2025, Microsoft revealed CVE-2025-21298, a critical vulnerability at the heart of Outlook, exploited by hackers to execute malicious code remotely. The threat is all the more alarming because it requires no user interaction, turning a simple email into a silent attack vector.
A critical vulnerability identified as CVE-2025-21298
Rated 9.8 out of 10 on the CVSS severity scale according to OffSec, this vulnerability stems from a weakness in Windows Object Linking and Embedding (OLE), the protocol used to embed and link objects between applications. Simply previewing a booby-trapped email is enough to trigger remote execution of malicious code, with no further user interaction.
Hackers exploit a defect in the ole32.dll library, specifically in the UtOlePresStmToContentsStm function. This flaw makes it possible to inject code into an OLE stream and run it directly on the target computer, opening the door for cybercriminals to access data and manipulate the system remotely.
How hackers use this flaw in Outlook
The vulnerability is particularly alarming because it is so simple to exploit. Attackers send emails containing malicious RTF files. When a user opens the email or views it in the Outlook preview pane, the code is executed automatically. This “zero-click” method makes the attack all the more formidable.
Thanks to this CVE-2025-21298 vulnerability, Outlook is hijacked as a communication channel between hackers and malware. The FinalDraft malware, for example, uses email drafts to receive instructions and send stolen data, thus evading antivirus software.
Elastic Security Labs reports that hackers place commands in drafts named “R_” and retrieve the responses in “p_” drafts, deleting every trace after use, as reported by 01net.
A major risk for users and companies
Successful exploitation of this flaw exposes victims to many risks. Hackers can access files and modify data. They can also delete them or install malicious programs. Some even create new accounts with high privileges. The Elastic Security Labs report specifies that a South American Ministry of Foreign Affairs has already been targeted. This attack demonstrates the severity of the threat.
Companies are particularly vulnerable because an intrusion can lead to massive data theft, industrial espionage or ransomware attacks. According to Microsoft, relayed by Notebookcheck, all recent versions of Windows, including Windows 10, 11 and Server, are affected.
What are the solutions to protect yourself?
Faced with this threat, Microsoft quickly released a fix in the January 2025 updates. Installing this patch is essential to secure systems and block the exploitation of CVE-2025-21298.
In the meantime or in addition to the update, several measures can limit the risks:
- Display emails as plain text to prevent the execution of potentially dangerous content
- Disable the preview pane in Outlook
- Restrict or disable the NTLM protocol on internal networks
- Systematically check the origin of emails and attachments before opening them
Experts also recommend using detection rules, such as Sigma rules, to identify suspicious interactions with RTF files, which are often used in this type of attack.
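As an illustration of the RTF screening mentioned above, here is an added example (not code from this article, Microsoft or Elastic) that flags RTF attachments carrying embedded OLE objects so they can be held for review. It does not detect CVE-2025-21298 itself; the function names, the "allow"/"review" policy and the sample documents are assumptions made for the example.

```python
import re

RTF_MAGIC = b"{\\rt"   # short form: lenient RTF parsers accept truncated "{\rt" headers
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")         # OLE compound file signature
OBJ_WORDS = (b"\\object", b"\\objemb", b"\\objdata")   # RTF embedded-object control words

def extract_objdata(data: bytes) -> list[bytes]:
    """Decode the hex payload of every \\objdata group in an RTF document."""
    blobs = []
    for m in re.finditer(rb"\\objdata", data):
        end = data.find(b"}", m.end())            # payload runs to the group's closing brace
        chunk = data[m.end(): end if end != -1 else len(data)]
        chunk = re.sub(rb"\\[a-zA-Z]+-?\d* ?", b"", chunk)   # drop control words mixed into the hex
        hexchars = re.sub(rb"[^0-9a-fA-F]", b"", chunk)      # drop whitespace and other filler
        hexchars = hexchars[: len(hexchars) // 2 * 2]        # keep whole bytes only
        blobs.append(bytes.fromhex(hexchars.decode("ascii")))
    return blobs

def triage_rtf(data: bytes) -> dict:
    """Classify one attachment as 'allow' or 'review' (assumed local policy)."""
    report = {"is_rtf": data.lstrip().startswith(RTF_MAGIC),
              "ole_keywords": [], "objects": 0, "ole2_payloads": 0, "verdict": "allow"}
    if not report["is_rtf"]:
        return report
    report["ole_keywords"] = [w.decode() for w in OBJ_WORDS if w in data]
    blobs = extract_objdata(data)
    report["objects"] = len(blobs)
    report["ole2_payloads"] = sum(OLE2_MAGIC in b for b in blobs)
    if report["ole_keywords"]:
        # Assumed policy: any RTF mail attachment with an embedded object is held for review
        report["verdict"] = "review"
    return report

# Constructed samples (not taken from any real message)
BENIGN = b"{\\rtf1\\ansi Quarterly report attached.}"
WITH_OLE = (b"{\\rt1{\\object\\objemb{\\*\\objdata 0105000002000000\n"
            b"d0cf11e0a1b11ae1 0000}}}")

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("with_ole", WITH_OLE)):
        print(name, triage_rtf(sample))
```

A hit means only that the file embeds an OLE object, which legitimate documents also do, so the result is a reason to hold the attachment for inspection rather than proof of an attack.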
The CVE-2025-21298 case is a reminder of the importance of keeping your software up to date and adopting rigorous cybersecurity practices. While hackers perfect their techniques, users must redouble their vigilance to protect their data and systems.

With an unwavering passion for local news, Christopher leads our editorial team with integrity and dedication. With over 20 years’ experience, he is the backbone of Wouldsayso, ensuring that we stay true to our mission to inform.




