Microsoft has made public an unpatched zero-day vulnerability in Office that, in the wrong hands, may allow malicious parties to obtain personal information without authorization.
Microsoft has revealed an unpatched zero-day vulnerability in Office that, if used effectively, could lead to the unlawful exposure of private data to malevolent parties.
The vulnerability, identified as CVE-2024-38200 (CVSS score: 7.5), is a spoofing issue that impacts the subsequent Office versions:
Microsoft Office 2016 is available in both 32- and 64-bit versions.
Microsoft Office 64-bit and 32-bit versions, LTSC 2021
Microsoft 365 Enterprise Applications for 32- and 64-bit Operating Systems
Office 2019 for Windows 32- and 64-bit versions
Researchers Jim Rush and Metin Yunus Kandemir are credited with finding and reporting the vulnerability.
“In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability,” according to a warning from Microsoft.
“An attacker, however, would be unable to compel the user to access the website. Rather, the attacker would need to persuade the victim to open the specially constructed file after persuading them to click a link, usually through an allure in an email or instant messaging message.”
As part of its monthly Patch Tuesday updates, a formal patch for CVE-2024-38200 is scheduled to be released on August 13. However, the tech giant announced that it has discovered an alternate workaround that it has enabled via Feature Flighting as of July 30, 2024.
Additionally, it stated that although users of Microsoft Office and Microsoft 365 are now protected on all in-support versions, updating to the final patch version when it becomes available in a few days is crucial for the best level of security.
Microsoft has identified three mitigation solutions and assigned an “exploitation less likely” score to the issue.
Allowing, blocking, or auditing outgoing NTLM traffic from a Windows 7 or Windows Server 2008 or later PC to any remote Windows operating system server is possible by configuring the “Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers” policy setting.
Adding users to the Protected Users Security Group stops them from using NTLM for authentication.
Use a local firewall, a perimeter firewall, or VPN settings to block TCP 445/SMB outbound from the network in order to stop NTLM authentication messages from being sent to distant file shares.
The revelation coincides with Microsoft’s announcement that it is attempting to resolve two zero-day vulnerabilities (CVE-2024-38202 and CVE-2024-21302) that have the potential to be used to “unpatch” Windows updates and bring back outdated security holes.
Elastic Security Labs revealed earlier this week a number of techniques that attackers can use to run malicious apps without causing Windows Smart App Control and SmartScreen alerts. One such technique is called LNK stomping, which has been used for over six years in the wild.
Also read: Achieving Rapid Outcomes with AI-Driven Cloud Analytics
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.
