
Microsoft has disclosed the details of an unpatched zero-day in Office that could result in unauthorized disclosure of sensitive information to malicious actors.
The vulnerability, tracked as CVE-2024-38200 (CVSS score: 7.5), has been described as a spoofing flaw that affects the following versions of Office:
- Microsoft Office 2016
- Microsoft Office 2019
- Microsoft Office LTSC 2021
- Microsoft 365 Apps for Enterprise
According to the advisory, an attacker would have to host a website containing a specially crafted file designed to exploit the vulnerability, convince the user to click a link (typically by way of an enticement in an email or instant message), and then convince the user to open the specially crafted file.
Microsoft, which has tagged the flaw with an "Exploitation Less Likely" assessment, has also outlined three mitigation strategies, all of which target the outbound NTLM authentication that the crafted file would trigger:
- Configure the "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting, which provides the ability to allow, block, or audit outgoing NTLM traffic.
- Add users to the Protected Users security group, which prevents the use of NTLM as an authentication mechanism for those accounts.
- Block outbound TCP port 445 at the network perimeter to prevent NTLM authentication messages from being sent to remote file shares.
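The three mitigations above, applied and verified from an elevated PowerShell session on a domain-joined Windows host. This is an added example and not part of Microsoft's advisory; the function names, the sample account name and the file-server hostname are this example's own choices, and the Protected Users step assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added example (not from the advisory): apply and check the NTLM mitigations.
# Run elevated. Function names and sample values are this example's own.

$Msv1Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

# 1. "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers"
#    is stored in the RestrictSendingNTLMTraffic DWORD: 0 = allow, 1 = audit, 2 = deny.
function Get-OutgoingNtlmPolicy {
    $v = (Get-ItemProperty -Path $Msv1Key -Name RestrictSendingNTLMTraffic -ErrorAction SilentlyContinue).RestrictSendingNTLMTraffic
    switch ($v) { 1 { 'Audit' } 2 { 'Deny' } default { 'Allow' } }
}

function Set-OutgoingNtlmPolicy {
    param(
        [ValidateSet('Allow', 'Audit', 'Deny')][string]$Mode,
        [string[]]$AllowedServers = @()   # servers that may still receive NTLM
    )
    $value = @{ Allow = 0; Audit = 1; Deny = 2 }[$Mode]
    New-ItemProperty -Path $Msv1Key -Name RestrictSendingNTLMTraffic -PropertyType DWord -Value $value -Force | Out-Null
    if ($AllowedServers.Count -gt 0) {
        # "Restrict NTLM: Add remote server exceptions for NTLM authentication" (REG_MULTI_SZ)
        New-ItemProperty -Path $Msv1Key -Name ClientAllowedNTLMServers -PropertyType MultiString -Value $AllowedServers -Force | Out-Null
    }
}

# In Audit mode each outgoing NTLM authentication is recorded in the
# Microsoft-Windows-NTLM/Operational log (event ID 8001, outgoing NTLM to remote servers).
# Use it to find legitimate NTLM consumers before switching to Deny.
function Get-OutgoingNtlmAuditEvents {
    param([int]$MaxEvents = 50)
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-NTLM/Operational'; Id = 8001 } `
        -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

# 2. Protected Users: NTLM is refused for members, so only add interactive user
#    accounts, never service or computer accounts. Returns $true when membership is confirmed.
function Add-UserToProtectedUsers {
    param([Parameter(Mandatory)][string]$SamAccountName)
    Import-Module ActiveDirectory
    $user = Get-ADUser -Identity $SamAccountName
    Add-ADGroupMember -Identity 'Protected Users' -Members $user
    (Get-ADGroupMember -Identity 'Protected Users').SamAccountName -contains $user.SamAccountName
}

# 3. Host-level outbound SMB block to Internet addresses, as defence in depth
#    alongside the perimeter block the advisory recommends.
function Add-OutboundSmbBlockRule {
    param([string]$Name = 'Block outbound SMB (TCP 445) to Internet')
    if (-not (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $Name -Direction Outbound -Protocol TCP -RemotePort 445 `
            -RemoteAddress Internet -Action Block -Profile Any | Out-Null
    }
    Get-NetFirewallRule -DisplayName $Name | Select-Object DisplayName, Enabled, Action
}

# Rollout: audit first, review the events, then deny with exceptions.
Set-OutgoingNtlmPolicy -Mode Audit
"Outgoing NTLM policy is now: $(Get-OutgoingNtlmPolicy)"
Get-OutgoingNtlmAuditEvents -MaxEvents 20
Add-OutboundSmbBlockRule
# Add-UserToProtectedUsers -SamAccountName 'jdoe'   # sample account, constructed for this example
# Set-OutgoingNtlmPolicy -Mode Deny -AllowedServers @('fileserver01.corp.example')   # hostname is a placeholder
```

Two caveats a practitioner should keep in mind. Flipping the policy straight to Deny will break any application that still relies on NTLM, so run in Audit mode long enough to enumerate the exceptions, and in production set the value through Group Policy rather than the direct registry write shown here (the registry value is simply what the GPO writes). Blocking TCP 445 stops NTLM over SMB only; NTLM can also be sent over HTTP, for example to a WebDAV share, so the NTLM policy and Protected Users membership are the controls that actually close off the credential leak rather than just one transport for it.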
An official patch is expected as part of this month's Patch Tuesday updates, but the tech giant said it has identified an alternative fix that it enabled via Feature Flighting as of July 30, 2024.