A vulnerability in Microsoft Outlook allowed threat actors to distribute malware via email
The bug abuses the Windows Object Linking and Embedding function
A patch is already available, and users are advised to apply it ASAP
Microsoft has released a patch for a critical vulnerability that allowed threat actors to distribute malware through its Outlook email client – and given the severity of the flaw, users are advised to install the patch immediately.
In a security advisory, Microsoft detailed CVE-2025-21298, a use-after-free vulnerability with a severity score of 9.8/10 (critical). Use-after-free is a vulnerability in which threat actors are able to use previously freed memory, which allows them to corrupt valid data or, in this scenario, to distribute malware remotely.