Headline
Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure
Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. The vulnerability, tracked as CVE-2024-38200 (CVSS score: 7.5), has been described as a spoofing flaw that affects the following versions of Office -
Microsoft Office 2016 for 32-bit edition and 64-bit editions Microsoft
Vulnerability / Enterprise Security
Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors.
The vulnerability, tracked as CVE-2024-38200 (CVSS score: 7.5), has been described as a spoofing flaw that affects the following versions of Office -
- Microsoft Office 2016 for 32-bit edition and 64-bit editions
- Microsoft Office LTSC 2021 for 32-bit and 64-bit editions
- Microsoft 365 Apps for Enterprise for 32-bit and 64-bit Systems
- Microsoft Office 2019 for 32-bit and 64-bit editions
Credited with discovering and reporting the vulnerability are researchers Jim Rush and Metin Yunus Kandemir.
“In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability,” Microsoft said in an advisory.
“However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.”
A formal patch for CVE-2024-38200 is expected to be shipped on August 13 as part of its monthly Patch Tuesday updates, but the tech giant said it identified an alternative fix that it has enabled via Feature Flighting as of July 30, 2024.
It also noted that while customers are already protected on all in-support versions of Microsoft Office and Microsoft 365, it’s essential to update to the final version of the patch when it becomes available in a couple of days for optimal protection.
Microsoft, which has tagged the flaw with an “Exploitation Less Likely” assessment, has further outlined three mitigation strategies -
Configuring the “Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers” policy setting provides the ability to allow, block, or audit outgoing NTLM traffic from a computer running Windows 7, Windows Server 2008, or later to any remote server running the Windows operating system
Add users to the Protected Users Security Group, which prevents the use of NTLM as an authentication mechanism
Block TCP 445/SMB outbound from the network by using a perimeter firewall, a local firewall, and via VPN settings to prevent the sending of NTLM authentication messages to remote file shares
The disclosure comes as Microsoft said it’s working on addressing two zero-day flaws (CVE-2024-38202 and CVE-2024-21302) that could be exploited to “unpatch” up-to-date Windows systems and reintroduce old vulnerabilities.
Earlier this week, Elastic Security Labs lifted the lid on a variety of methods that attackers can avail in order to run malicious apps without triggering Windows Smart App Control and SmartScreen warnings, including a technique called LNK stomping that’s been exploited in the wild for over six years.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Related news
Windows 11 machines remain open to downgrade attacks, where attackers can abuse the Windows Update process to revive a patched driver signature enforcement (DSE) bypass.
A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks. "This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network activity, maintain stealth, and much more," SafeBreach
Microsoft Office 2019 MSO build 1808 (16.0.10411.20011) and Microsoft 365 MSO version 2403 build 16.0.17425.20176 suffer from an NTLMv2 hash disclosure vulnerability.
Voting Village co-founder Harri Hursti told Politico the list of vulnerabilities ran “multiple pages.”
A researcher used two Windows vulnerabilities to perform downgrade attacks. These flaws have now been patched by Microsoft
Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of the 90 bugs, seven are rated Critical, 79 are rated Important, and one is rated Moderate in severity. This is also in addition to 36 vulnerabilities that the tech giant resolved in its Edge browser since last month. The Patch Tuesday
The most serious of the issues included in August’s Patch Tuesday is CVE-2024-38063, a remote code execution vulnerability in Windows TCP/IP.
Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the operating system files with older versions. The vulnerabilities are listed below - CVE-2024-38202 (CVSS score: 7.3) - Windows Update Stack Elevation of Privilege Vulnerability CVE-2024-21302
Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the operating system files with older versions. The vulnerabilities are listed below - CVE-2024-38202 (CVSS score: 7.3) - Windows Update Stack Elevation of Privilege Vulnerability CVE-2024-21302