Microsoft Reports Unpatched Zero-Day Vulnerability in Office Suite
Microsoft has recently revealed a serious unpatched vulnerability in its Office suite, identified as CVE-2024-38200. This zero-day flaw presents the risk of unauthorized exposure of sensitive information to malicious entities if successfully exploited. The vulnerability, which has a CVSS score of 7.5, is classified as a spoofing issue that affects multiple Office versions, including Microsoft Office 2016, Office 2019, Office LTSC 2021, and Microsoft 365 Apps for Enterprise, across both 32-bit and 64-bit editions.
The vulnerability was discovered and reported by security researchers Jim Rush and Metin Yunus Kandemir. Microsoft provided an advisory detailing potential exploitation scenarios, where a cyber attacker could host a specially crafted file on a website or utilize a compromised site involving user-generated content. However, it is crucial to note that attackers cannot force users to visit these malicious sites; instead, they must entice users into clicking links, typically through phishing emails or instant messages.
A formal patch for CVE-2024-38200 is anticipated to be released on August 13, coinciding with Microsoft’s routine Patch Tuesday updates. In the meantime, Microsoft has implemented an alternative fix via Feature Flighting, effective since July 30, 2024. The company emphasized that customers using supported versions of Office and Microsoft 365 are already protected, but users are encouraged to apply the final patch for comprehensive protection upon its availability.
To mitigate risk until the patch is applied, Microsoft recommended three measures, all aimed at stopping outbound NTLM authentication. First, configuring the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy lets organizations audit or deny NTLM traffic that Windows 7 and later systems send to remote servers. Second, adding users to the Protected Users Security Group prevents NTLM from being used as an authentication method for those accounts. Third, blocking outbound TCP 445/SMB traffic at the firewall stops NTLM authentication from reaching remote servers over SMB at all. Each of these can break legitimate access to file shares that still depend on NTLM, so audit before enforcing and scope the firewall rule to untrusted networks.
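The following script is an added example of how an administrator would apply those three interim mitigations from an elevated PowerShell session; it is not code from Microsoft's advisory. It assumes a domain-joined host with the ActiveDirectory (RSAT) and NetSecurity modules available, and the server name and user list are placeholders.

```powershell
# Added example (not from the advisory): apply Microsoft's three interim mitigations
# for CVE-2024-38200. Run elevated on a domain-joined host.
# Assumptions: ActiveDirectory and NetSecurity modules present; names below are placeholders.

# 1. "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers"
#    Backed by the RestrictSendingNTLMTraffic value: 0 = Allow all, 1 = Audit all, 2 = Deny all.
#    Start in audit mode and review the NTLM operational log before switching to Deny.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
Set-ItemProperty -Path $lsa -Name 'RestrictSendingNTLMTraffic' -Type DWord -Value 1

# Servers that legitimately still need NTLM can be exempted via the companion policy
# "Add remote server exceptions for NTLM authentication" (ClientAllowedNTLMServers).
# 'fileserver01.corp.example' is a placeholder.
Set-ItemProperty -Path $lsa -Name 'ClientAllowedNTLMServers' -Type MultiString -Value @('fileserver01.corp.example')

# Review what the Deny setting would have blocked: outgoing NTLM audit events are ID 8001
# in Applications and Services Logs\Microsoft\Windows\NTLM\Operational.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-NTLM/Operational'; Id = 8001 } `
    -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message

# Once the audit is clean, enforce:
# Set-ItemProperty -Path $lsa -Name 'RestrictSendingNTLMTraffic' -Type DWord -Value 2

# 2. Protected Users group. Members cannot authenticate with NTLM, but they also lose
#    DES/RC4 Kerberos, delegation and cached logons, so pilot with a small set of
#    interactive user accounts and never add service or computer accounts.
Import-Module ActiveDirectory
$pilotUsers = @('alice', 'bob')   # placeholder sAMAccountNames
Add-ADGroupMember -Identity 'Protected Users' -Members $pilotUsers

# 3. Block outbound TCP 445 so an Office client cannot reach an SMB listener on the Internet.
#    Scoping to the 'Internet' keyword leaves intranet file shares reachable.
New-NetFirewallRule -DisplayName 'Block outbound SMB to Internet (CVE-2024-38200)' `
    -Direction Outbound -Protocol TCP -RemotePort 445 -RemoteAddress Internet `
    -Action Block -Profile Any
```

The ordering matters: the registry change and the firewall rule take effect on the local host immediately, while the Protected Users change only applies at the user's next logon, and the NTLM audit step is what tells you whether flipping the value to 2 will break an existing workflow.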
This disclosure arrives amidst Microsoft’s ongoing efforts to address two other zero-day vulnerabilities identified as CVE-2024-38202 and CVE-2024-21302, which pose risks by potentially allowing attackers to revert fully updated Windows systems to older, vulnerable versions. Earlier this week, discoveries from Elastic Security Labs highlighted various techniques employed by attackers to run malicious applications without triggering security warnings from Windows Smart App Control and SmartScreen, including the long-standing method known as LNK stomping.
Mapped to the MITRE ATT&CK framework, the attack chain Microsoft describes is initial access through a spearphishing link (T1566.002) that leads the user to the crafted file, user execution when the target opens it (T1204), and credential access by forced authentication (T1187): the NTLM-focused mitigations indicate that the file coerces the victim's Office client into authenticating to a remote server the attacker controls, exposing the user's NTLM authentication material. No persistence or local privilege escalation is needed; what is at risk is the victim's credentials rather than code execution on the host. These tactics underscore the importance of proactive security measures and prompt application of updates in safeguarding sensitive business data against evolving threats.
As the cybersecurity landscape continues to shift, business owners must remain vigilant against both new and existing vulnerabilities. Adapting security protocols in line with expert advisories and ensuring timely patch management are critical steps in maintaining the integrity of organizational defenses. For more information on security updates and vulnerability management, following cybersecurity news sources and industry leaders can provide valuable insights into best practices and emerging threats.