Microsoft Announces Unpatched Security Vulnerability in Office Suite, Patch to be Released Next Tuesday
Normally, Microsoft would disclose vulnerabilities and related information only after they have been fixed. However, this time, the situation is somewhat unusual as Microsoft has disclosed a vulnerability that has yet to be fixed.
The vulnerability, CVE-2024-38200, has a CVSS score of 7.5/10 and primarily affects the Microsoft Office suite. Attackers could lure users into visiting a specially crafted website to trigger the vulnerability, allowing them to steal sensitive information.
Affected versions include:
- Microsoft Office 2016 32/64-bit
- Microsoft Office 2021 32/64-bit
- Microsoft Office 2019 32/64-bit
- Microsoft 365 Apps for enterprise 32/64-bit
In their vulnerability disclosure, Microsoft states:
In a web-based attack scenario, an attacker could host a website containing a file that exploits this vulnerability. However, the attacker cannot force users to visit the website; instead, they must convince users to click a link, usually through email or instant messaging, and then entice them to open the specially crafted file.
Although the patch for the vulnerability has not yet been released, Microsoft has already deployed an alternative, server-side remediation on July 30, which should have reached most installations by now, so most users need not worry about this vulnerability.
The official patch will be released on August 13, 2024, and will be installed along with the Windows update, sealing the vulnerability and preventing hackers from further exploitation.
Microsoft has also marked this vulnerability as "less likely to be exploited" and provided three temporary mitigations:
- Configure the network security policy "Restrict NTLM: Outgoing NTLM traffic to remote servers", which blocks (or audits) NTLM authentication from the host to remote servers.
- Add users to the Protected Users group; members of this group cannot authenticate with NTLM, which blocks attacks that rely on NTLM as the authentication mechanism.
- Use external firewalls, local firewalls, and VPN encrypted tunnels to block outbound TCP 445 / SMB traffic from the network, preventing the remote sending of NTLM authentication messages to file shares.
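The three mitigations above, applied from an elevated PowerShell session on a Windows host, as an added example (not code from the article or from Microsoft). It assumes RSAT's ActiveDirectory module is available for the Protected Users step, and `$Users` is a placeholder list of account names; the registry value and its meanings (0 allow, 1 audit, 2 deny) are the documented backing of the "Restrict NTLM: Outgoing NTLM traffic to remote servers" policy.

```powershell
# Added example: apply Microsoft's three interim mitigations for CVE-2024-38200.
# Run elevated. $Users is an assumed placeholder (sAMAccountNames to protect).
param(
    [string[]]$Users = @(),
    [switch]$AuditOnly   # audit (1) instead of deny (2); audit first, deny can break legacy auth
)

# 1. Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers.
#    Registry backing of the policy: 0 = allow all, 1 = audit all, 2 = deny all.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$value  = if ($AuditOnly) { 1 } else { 2 }
New-Item -Path $lsaKey -Force | Out-Null
Set-ItemProperty -Path $lsaKey -Name 'RestrictSendingNTLMTraffic' -Value $value -Type DWord
Write-Host "RestrictSendingNTLMTraffic set to $value"

# 2. Protected Users group: members cannot authenticate with NTLM at all.
#    Requires a domain-joined host and the ActiveDirectory RSAT module.
if ($Users.Count -gt 0) {
    Import-Module ActiveDirectory
    Add-ADGroupMember -Identity 'Protected Users' -Members $Users
    Write-Host "Added $($Users -join ', ') to Protected Users"
}

# 3. Host firewall: block outbound TCP 445 so NTLM authentication to a remote
#    file share never leaves the machine. Scoped to Public/Private profiles so
#    domain-internal SMB keeps working; extend to Domain if policy allows.
$ruleName = 'Block outbound SMB (CVE-2024-38200 mitigation)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Protocol TCP `
        -RemotePort 445 -Action Block -Profile Public,Private | Out-Null
}

# Verify what was applied.
Get-ItemProperty -Path $lsaKey -Name 'RestrictSendingNTLMTraffic' |
    Select-Object RestrictSendingNTLMTraffic
Get-NetFirewallRule -DisplayName $ruleName | Select-Object DisplayName, Enabled, Action
```

Run it with `-AuditOnly` first and review the NTLM audit events before switching to deny, since a deny-all setting also blocks legitimate NTLM-only servers.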