Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure
2024-08-10 05:35

Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors.

The vulnerability, tracked as CVE-2024-38200, has been described as a spoofing flaw that affects the following versions of Office -.

"In a web-based attack scenario, an attacker could host a website that contains a specially crafted file that is designed to exploit the vulnerability," Microsoft said in an advisory.

It also noted that while customers are already protected on all in-support versions of Microsoft Office and Microsoft 365, it's essential to update to the final version of the patch when it becomes available in a couple of days for optimal protection.

Configuring the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting provides the ability to allow, block, or audit outgoing NTLM traffic from a computer running Windows 7, Windows Server 2008, or later to any remote server running the Windows operating system.
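One way to check which of these modes a host is in and, when it is auditing, which remote servers still receive NTLM, as an added example that is not part of the original article or Microsoft's advisory. It assumes an elevated PowerShell session; the `TargetName` event field is an assumption to confirm against your own audit events.

```powershell
# Added example: report the local "Restrict NTLM: Outgoing NTLM traffic
# to remote servers" state and summarize audited outgoing NTLM targets.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$modes  = @{ 0 = 'Allow all'; 1 = 'Audit all'; 2 = 'Deny all' }

$props = Get-ItemProperty -Path $lsaKey -ErrorAction Stop

# A missing value means the policy is not configured, which behaves as "Allow all".
$raw   = $props.RestrictSendingNTLMTraffic
$value = if ($null -eq $raw) { 0 } else { [int]$raw }
$mode  = if ($modes.ContainsKey($value)) { $modes[$value] } else { "Unknown ($value)" }

# Servers exempted through the companion "Add remote server exceptions" policy.
$exceptions = @($props.ClientAllowedNTLMServers | Where-Object { $_ })

[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    PolicyConfigured = ($null -ne $raw)
    OutgoingNtlmMode = $mode
    ServerExceptions = $exceptions -join ', '
}

# With auditing on, event 8001 in the NTLM operational log records outgoing
# NTLM that a "Deny all" setting would have blocked. Grouping by destination
# shows what would break, and what needs an exception, before enforcing.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-NTLM/Operational'
    Id      = 8001
} -MaxEvents 1000 -ErrorAction SilentlyContinue

$targets = foreach ($e in $events) {
    $xml = [xml]$e.ToXml()
    # Assumption: the destination is carried in the 'TargetName' data field.
    ($xml.Event.EventData.Data | Where-Object Name -eq 'TargetName').'#text'
}

$targets | Where-Object { $_ } | Group-Object |
    Sort-Object Count -Descending |
    Select-Object Count, @{ Name = 'TargetServer'; Expression = { $_.Name } }
```

An empty target list while the mode is "Audit all" means no outgoing NTLM was recorded in the most recent 1000 events, not that none occurs.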

The disclosure comes as Microsoft said it's working on addressing two zero-day flaws that could be exploited to "unpatch" up-to-date Windows systems and reintroduce old vulnerabilities.


News URL

https://thehackernews.com/2024/08/microsoft-warns-of-unpatched-office.html

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2024-08-12 | CVE-2024-38200 | Unspecified vulnerability in Microsoft products: Microsoft Office Spoofing Vulnerability (network, low complexity, microsoft) | 6.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399