Security News > 2024 > August > Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure
Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors.
The vulnerability, tracked as CVE-2024-38200, has been described as a spoofing flaw that affects the following versions of Office -.
"In a web-based attack scenario, an attacker could host a website that contains a specially crafted file that is designed to exploit the vulnerability," Microsoft said in an advisory.
It also noted that while customers are already protected on all in-support versions of Microsoft Office and Microsoft 365, it's essential to update to the final version of the patch when it becomes available in a couple of days for optimal protection.
Configuring the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting provides the ability to allow, block, or audit outgoing NTLM traffic from a computer running Windows 7, Windows Server 2008, or later to any remote server running the Windows operating system.
The disclosure comes as Microsoft said it's working on addressing two zero-day flawsthat could be exploited to "Unpatch" up-to-date Windows systems and reintroduce old vulnerabilities.
News URL
https://thehackernews.com/2024/08/microsoft-warns-of-unpatched-office.html
Related news
- Microsoft 365, Office users hit by wave of ‘30088-27’ update errors (source)
- ZDI shames Microsoft for – yet another – coordinated vulnerability disclosure snafu (source)
- Microsoft discloses Office zero-day, still working on a patch (source)
- Microsoft discloses unpatched Office flaw that exposes NTLM hashes (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-12 | CVE-2024-38200 | Unspecified vulnerability in Microsoft products Microsoft Office Spoofing Vulnerability | 6.5 |