Security News > 2024 > August > Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure
Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors.
The vulnerability, tracked as CVE-2024-38200, has been described as a spoofing flaw that affects the following versions of Office -.
"In a web-based attack scenario, an attacker could host a website that contains a specially crafted file that is designed to exploit the vulnerability," Microsoft said in an advisory.
It also noted that while customers are already protected on all in-support versions of Microsoft Office and Microsoft 365, it's essential to update to the final version of the patch when it becomes available in a couple of days for optimal protection.
Configuring the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting provides the ability to allow, block, or audit outgoing NTLM traffic from a computer running Windows 7, Windows Server 2008, or later to any remote server running the Windows operating system.
The disclosure comes as Microsoft said it's working on addressing two zero-day flawsthat could be exploited to "Unpatch" up-to-date Windows systems and reintroduce old vulnerabilities.
News URL
https://thehackernews.com/2024/08/microsoft-warns-of-unpatched-office.html
Related news
- Microsoft 365 outage takes down Office web apps, admin center (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- Microsoft fixes bug behind random Office 365 deactivation errors (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-12 | CVE-2024-38200 | Unspecified vulnerability in Microsoft products Microsoft Office Spoofing Vulnerability | 6.5 |