Security News > 2024 > August > Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)
A new MS Office zero-day vulnerability can be exploited by attackers to grab users' NTLM hashes, Microsoft has shared late last week.
Once attackers get a victim's NTLM hash, they can relay it another service and authenticate as the victim.
Microsoft went public with the flaw despite not having a definitive fix ready yet because Rush and colleague Tomais Williamson were scheduled to talk about it at DEF CON on Saturday.
"Customers are already protected on all in-support versions of Microsoft Office and Microsoft 365," Microsoft said, but urged them to "Still update to the August 13, 2024 updates for the final version of the fix."
"Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary," Microsoft explained.
The company regularly fixes vulnerabilities that allow attackers to steal or relay NTLM hashes.