Critical “Zero-Click” Vulnerability Discovered in Microsoft Windows OLE Technology
Cybersecurity is becoming an increasingly pressing issue today. A new dangerous vulnerability has been discovered in Microsoft Windows, one of the world’s most widely used operating systems. This vulnerability, registered under the code CVE-2025-21298, presents a security flaw in Microsoft’s Object Linking and Embedding (OLE) technology.
Experts emphasize that this vulnerability belongs to the zero-click category, meaning that it can be exploited without any user interaction. According to the CVSS risk assessment, it has been rated 9.8 out of 10, classifying it as an extremely serious threat.
By exploiting CVE-2025-21298, attackers can carry out Remote Code Execution (RCE) attacks through Microsoft Outlook and other applications.
Technical Details of the Vulnerability
The CVE-2025-21298 vulnerability resides in the ole32.dll library and is caused by an error in the UtOlePresStmToContentsStm function. This function is responsible for processing OLE objects in Rich Text Format (RTF) documents but contains a flaw that leads to memory corruption.
Hackers can exploit this vulnerability by sending a specially crafted malicious RTF file via email. The most dangerous aspect of this vulnerability is that a user can be compromised simply by opening the email or even by previewing it in Outlook.
Statement from OffSec Researchers
OffSec researchers made the following statement:
“As soon as a user opens a malicious email in Microsoft Outlook’s preview mode, the vulnerability is triggered, allowing an attacker to execute arbitrary code on the affected system.”
This vulnerability falls under the CWE-416 (Use After Free) category, meaning that the program incorrectly accesses memory that has already been freed, potentially leading to arbitrary code execution.
If successfully exploited, an attacker can:
🔹 Install programs on the system.
🔹 Access or modify sensitive data.
🔹 Create new administrator-level user accounts.
🔹 Gain full control over the system.
PoC Code Released on GitHub
A Proof-of-Concept (PoC) exploit demonstrating this vulnerability has already been published on GitHub, making the threat even more severe as potential attackers now have access to exploit code.
Which Systems Are Affected?
Experts have confirmed that CVE-2025-21298 affects the following operating systems:
✔ Windows 10
✔ Windows 11
✔ Windows Server 2016 / 2019 / 2022
Microsoft Outlook users are particularly at risk since this vulnerability can be exploited via email.
Patch and Security Measures
Microsoft has patched this vulnerability as part of the January 2025 Patch Tuesday security updates.
If you haven’t installed the updates yet, it is highly recommended that you apply Microsoft’s security patches as soon as possible.
Additionally, you should follow these preventive measures:
✅ Avoid opening RTF files – Do not open RTF files from unknown sources.
✅ Disable RTF support in Outlook – Switch Outlook to plain text mode to prevent automatic execution of OLE objects.
✅ Follow the principle of least privilege – Limit user permissions to reduce the impact of compromised accounts.
✅ Use Sigma rules for monitoring – Track suspicious processes interacting with RTF or DLL files.
✅ Use antivirus and security tools – Leverage Microsoft Defender or other advanced security solutions.
✅ Perform memory analysis – Use tools like WinDbg to detect and analyze memory exploits.
CVE-2025-21298 is one of the most severe vulnerabilities found in Microsoft Windows’ OLE technology. Since this vulnerability has zero-click capabilities, users can be attacked without any interaction on their part.
This incident highlights the fact that legacy technologies remain a key target for modern hackers. Therefore, both IT professionals and regular users must keep their systems updated, avoid opening suspicious files, and strengthen security measures.
In today’s digital landscape, effective cybersecurity depends on timely updates and strict adherence to security protocols. Microsoft has released patches, and installing them immediately is one of the most critical steps in protecting your system.
