[German]Microsoft has published a warning of an unpatched spoofing vulnerability CVE-2024-38200 on August 8, 2024 (with update on August 10, 2024). The vulnerability is included in all Office versions (Office 2016 – 2021, Office 365).
Advertising
Spoofing vulnerability CVE-2024-38200
In the article on vulnerability CVE-2024-38200, Microsoft warns of a Microsoft Office spoofing vulnerability that has been assigned a CVSS 3.1 index of 7.5. Attackers have the ability to deliver a file via a special or compromised website to exploit the vulnerability. The vulnerability could be used to expose NTLM hashes to remote attackers.
However, the attacker would have to get the user to click on a link (e.g. in an email or instant messenger message) and then get them to open the specially crafted file. In this case, the attacker could retrieve information from the target system. The following 32- and 64-bit versions of Office are affected:
- Microsoft Office 2016
- Microsoft Office 2019
- Microsoft Office LTSC 2021
- Microsoft 365 Apps
Microsoft classifies the exploitation as "Exploitation Less Likely" – I read from the colleagues at Bleeping Computer that MITRE has classified the probability of exploitation of this type of vulnerability as very likely.
Office protected by feature flighting
An update to finally close the vulnerability will probably be rolled out on August 13, 2024. However, Microsoft writes that it has found an alternative solution to this problem and activated it on July 30, 2024 via feature flighting. Customers are already protected with all supported versions of Microsoft Office and Microsoft 365. Customers should still update to the August 13, 2024 updates to receive the final version of the fix.
According to Microsoft, the article on the CVE-2024-38200 also provides administrators with information on three methods to block outbound NTLM traffic.
Advertising
Advertising
