Update February 14, 16:50 EST: Article and title revised after Microsoft retracted the "active exploitation" update added to the CVE-2024-21413 advisory.

Microsoft says remote unauthenticated attackers can trivially exploit a critical Outlook security vulnerability that also lets them bypass the Office Protected View.

Discovered by Check Point vulnerability researcher Haifei Li and tracked as CVE-2024-21413, this bug leads to remote code execution (RCE) when opening emails with malicious links using a vulnerable Microsoft Outlook version.