Patch

CVE-2025-21298

with vRx

Vulnerability Overview

CVE Name

CVE-2025-21298

Severity

9.8

Critical

CVE Description

Windows OLE Remote Code Execution Vulnerability

Show less

Latest Patch info

There is no patch available at the moment, but you can use our script.

Patch Name

secure@microsoft.com

Date

14.01.2025

Script

Script Type

Remediation script

Copy script

❗ CVE-2025-21298 is a critical vulnerability in Windows OLE that enables remote code execution with a CVSS score of 9.8. This vulnerability can be exploited by attackers through specially crafted emails sent to users of Microsoft Outlook. Simply opening or previewing the malicious email can trigger arbitrary code execution on the victim's system, potentially granting the attacker unauthorized control. ℹ️ This mitigation script works as follows: Version Identification: Locates installed Outlook version in registry. Validates Outlook presence in detected path. Ensures compatibility across versions 2003-2023. Security Implementation: Creates necessary registry paths if missing. Forces plain text reading for all email types. Sets required registry values with proper DWORD type. Setting Verification: Confirms each security setting after application. Validates all values match expected secure state. Reports success/failure for each configuration item. Error Handling: Manages missing paths or permissions issues. Provides detailed feedback on any failures. ✅ By running this mitigation script, you can enforce plain text email reading across all message types in Outlook, effectively reducing exposure to CVE-2025-21298.

Read less

function Set-OutlookPlainTextSecurity {
    try {
        Write-Host "Starting Outlook Plain Text Security Mitigation..." -ForegroundColor Cyan

# Define possible Office versions and their registry paths
        $officeVersions = @(
            "16.0", # Office 2016, 2019, 2021, 365
            "15.0", # Office 2013
            "14.0", # Office 2010
            "12.0", # Office 2007
            "11.0"  # Office 2003
        )

# Find installed Outlook version
        $registryBase = "HKCU:\Software\Microsoft\Office"
        $outlookPath = $null
        $versionFound = $null

foreach ($version in $officeVersions) {
            $testPath = Join-Path $registryBase $version
            if (Test-Path $testPath) {
                # Verify this version has Outlook installed
                $outlookTestPath = Join-Path $testPath "Outlook"
                if (Test-Path $outlookTestPath) {
                    $outlookPath = Join-Path $outlookTestPath "Options\Mail"
                    $versionFound = $version
                    break
                }
            }
        }

if (-not $outlookPath) {
            Write-Host "No supported Outlook version found!" -ForegroundColor Red
            return $false
        }

Write-Host "Found Outlook version $versionFound" -ForegroundColor Green

# Create registry path if it doesn't exist
        if (!(Test-Path $outlookPath)) {
            New-Item -Path $outlookPath -Force | Out-Null
            Write-Host "Created Outlook registry path" -ForegroundColor Green
        }

# Settings to enforce
        $requiredSettings = @{
            "ReadAsPlain" = 1
            "ReadSignedAsPlain" = 1
            "ReadRichTextAsPlain" = 1
            "ReadHTMLAsPlain" = 1
        }

# Apply security settings
        Write-Host "Applying security settings..." -ForegroundColor Cyan
        foreach ($setting in $requiredSettings.GetEnumerator()) {
            try {
                Set-ItemProperty -Path $outlookPath -Name $setting.Key -Value $setting.Value -Type DWORD -Force
                Write-Host "Successfully set $($setting.Key)" -ForegroundColor Green
            }
            catch {
                Write-Host "Error setting $($setting.Key): $_" -ForegroundColor Red
                return $false
            }
        }

# Verify settings
        Write-Host "`nVerifying security settings..." -ForegroundColor Cyan
        $verified = $true
        foreach ($setting in $requiredSettings.GetEnumerator()) {
            try {
                $value = (Get-ItemProperty -Path $outlookPath -Name $setting.Key).$($setting.Key)
                if ($value -ne $setting.Value) {
                    Write-Host "Verification failed for $($setting.Key)" -ForegroundColor Red
                    $verified = $false
                }
            }
            catch {
                Write-Host "Verification failed for $($setting.Key): Setting not found" -ForegroundColor Red
                $verified = $false
            }
        }

if ($verified) {
            Write-Host "`nMitigation completed successfully for Outlook version $versionFound!" -ForegroundColor Green
 
        }
        else {
            Write-Host "`nMitigation failed - some settings could not be verified" -ForegroundColor Red

}
    }
    catch {
        Write-Host "Critical error during mitigation: $_" -ForegroundColor Red
        Write-Host "Error details: $($_.Exception.Message)" -ForegroundColor Red
        return $false
    }
}

# Run the mitigation
Set-OutlookPlainTextSecurity

Copy script

Affected OS & Apps

Windows Server 2025

Microsoft

Windows 11 24H2

Microsoft

Windows Server 2022 23H2

Microsoft

4.8

Patch faster and smarter
with vRx

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Trusted by 600+ customers:

Solution

‍Remediate faster with vRx

Patch Management

vRx automatically deploys patches across all systems, cutting patching time by 80%.

Scripting Engine

vRx’s scripting engine solves complex vulnerabilities, like log4j, with built-in or custom scripts.

Patchless Protection

vRx’s Patchless Protection secures vulnerable apps and reduces risk while maintaining functionality.

Book a demo

4.9

4.8

4.9

Hear from our Customers

Valuable resources saved

"Before vRx, we would spend countless hours manually finding and verifying patches. We saved so much time (and headache!)."

Anonymous IT Operations Lead

IT Operations Lead

Third-party software patching is the most valuable feature.

"We have automated third-party patching on specific software, improving efficiency by 80%. vRx has reduced our patching time, which has improved our operations. It is more robust than other solutions because it offers better third-party remediation."

Billy Turner

VP, Managed Technology & Services

Single source of truth, capable of handling any application in our fleet

"vRx gives a single pane of glass to see what patches needed to go out and what sort of vulnerabilities we have on our Windows machines. Our meantime to remediate vulnerabilities has gone down by about 60% to 70%."

Peter Fallowfield

IT Manager

60% faster remediation, many hours saved

"Typically, with our previous solution of ManageEngine, it took about three hours to patch Windows Server, and now, that is less than an hour. It means less downtime for the business each month when we do patches."

Anonymous Security Analyst

Security Analyst

Great patching capabilities, helpful dashboard, and excellent support

"vRx has saved us an incredible amount of time. We can just rely on the automated system and the schedules we've set. It's a huge time saver. It's saved us hundreds of hours."

Michael Cortez

Sr. Director of IT

My favorite feature is Patchless Protection

"With Vicarius' vRx, I've never seen a patch that failed or had to be rolled back. We're saving quite a bit of time. Our clients using vRx haven't had any issues, and they've easily established patching for all their endpoints. "

Jeremy Herman

Security Engineer

Unified vulnerability discovery, prioritization, and remediation

"Vicarius streamlines vulnerability management between IT & Security by directly linking identified vulnerabilities to required patches, enhancing efficiency. The automation process has saved at least 30 percent of our manual tasks."

Wayne Ajimine

Information Security Professional

Patchless Protection is an incredible technology!

"vRx reduces the time customers spend on patching by reducing the overhead on the administrators, allowing them to do additional work. It saves time they would spend addressing the patching process, follow-ups, etc."

Antwune Gray

VP IT Security and Services