On August 8th, Microsoft revealed a significant zero-day vulnerability, tracked as CVE-2024-38200, affecting multiple versions of its Office suite with a CVSS score of 7.5. This information disclosure vulnerability could enable unauthorized access to sensitive data, including NTLM hashes, posing a serious risk of network compromise.
The flaw is exploitable in web-based attack scenarios: an attacker could host a compromised site or distribute malicious files, using social engineering to entice users into clicking links that trigger the disclosure. That attack path underscores the need for caution in email communications and online interactions.
Microsoft confirmed the vulnerability’s status as a zero-day on August 10th, indicating that organizations are at heightened risk until an official patch is implemented. The affected versions encompass Microsoft Office 2016, 2019, 2021, and Microsoft 365 Apps for Enterprise. While a formal patch is scheduled for release on August 13th as part of Patch Tuesday, interim safeguards have already been established through Feature Flighting across all supported versions.
To further reduce exposure, Microsoft recommends specific mitigations, including adjustments to network security configuration and adding users to the Protected Users security group. Organizations are also encouraged to block outbound TCP 445/SMB traffic at the network perimeter, which prevents the disclosed credential material from reaching an attacker-controlled server.
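The following PowerShell script is an added example, not part of the original article and not Microsoft's own tooling. It audits a Windows host for the three mitigations described above and can optionally apply them. It assumes that the "network security configuration" in question is the Restrict NTLM policy for outgoing NTLM traffic to remote servers (registry value RestrictSendingNTLMTraffic under HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0, where 2 means deny all), and that the list in $UsersToProtect is a placeholder the administrator fills in; the firewall rule name is also an invented placeholder.

```powershell
# Added example (not from the article or from Microsoft): audit a host for the
# CVE-2024-38200 mitigations the advisory describes and optionally apply them.
# Assumptions: RestrictSendingNTLMTraffic (0 = allow all, 1 = audit, 2 = deny all)
# is the "network security configuration" meant; $UsersToProtect is a placeholder.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remediate,
    [string[]]$UsersToProtect = @()   # placeholder: sAMAccountNames to place in Protected Users
)

$RuleName = 'Block outbound SMB (TCP 445) - CVE-2024-38200 mitigation'   # placeholder name
$LsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

function Test-OutboundSmbBlocked {
    # True when an enabled outbound firewall rule blocks TCP to remote port 445.
    $rules = Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True -ErrorAction SilentlyContinue
    foreach ($r in $rules) {
        $pf = $r | Get-NetFirewallPortFilter
        if ($pf.Protocol -eq 'TCP' -and ($pf.RemotePort -contains '445' -or $pf.RemotePort -eq 'Any')) {
            return $true
        }
    }
    return $false
}

function Get-OutgoingNtlmRestriction {
    # Returns 0 (allow all), 1 (audit) or 2 (deny all); a missing value means allow all.
    $v = (Get-ItemProperty -Path $LsaKey -Name RestrictSendingNTLMTraffic -ErrorAction SilentlyContinue).RestrictSendingNTLMTraffic
    if ($null -eq $v) { return 0 }
    return [Math]::Min([int]$v, 2)
}

function Get-UnprotectedUsers {
    # Returns the subset of $Users that is not (directly or transitively) in Protected Users.
    param([string[]]$Users)
    if (-not $Users) { return @() }
    if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
        Write-Warning 'ActiveDirectory module not available; skipping Protected Users check.'
        return @()
    }
    Import-Module ActiveDirectory
    $members = (Get-ADGroupMember -Identity 'Protected Users' -Recursive).SamAccountName
    return @($Users | Where-Object { $members -notcontains $_ })
}

# --- audit ---
$smbBlocked  = Test-OutboundSmbBlocked
$ntlmLevel   = Get-OutgoingNtlmRestriction
$unprotected = Get-UnprotectedUsers -Users $UsersToProtect

[PSCustomObject]@{
    OutboundSmbBlocked       = $smbBlocked
    OutgoingNtlmRestriction  = @('Allow all', 'Audit', 'Deny all')[$ntlmLevel]
    UsersNotInProtectedUsers = ($unprotected -join ', ')
} | Format-List

# --- optional remediation (honours -WhatIf / -Confirm) ---
if ($Remediate) {
    if (-not $smbBlocked -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Add outbound TCP 445 block rule')) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Protocol TCP `
            -RemotePort 445 -Action Block -Profile Any | Out-Null
    }
    if ($ntlmLevel -lt 2 -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Set RestrictSendingNTLMTraffic = 2 (Deny all)')) {
        New-ItemProperty -Path $LsaKey -Name RestrictSendingNTLMTraffic -PropertyType DWord -Value 2 -Force | Out-Null
    }
    foreach ($u in $unprotected) {
        if ($PSCmdlet.ShouldProcess($u, 'Add to Protected Users')) {
            Add-ADGroupMember -Identity 'Protected Users' -Members $u
        }
    }
}
```

Run it without switches to get a status report, or with `-Remediate -WhatIf` to preview changes before applying them. Two caveats worth testing in a lab first: a host-level rule that blocks all outbound TCP 445 also breaks access to internal file servers unless it is scoped with `-RemoteAddress` to exclude corporate ranges (the advisory's recommendation is a perimeter block, which avoids that problem), and setting the NTLM policy to deny all will fail any legitimate application that still authenticates with NTLM to remote servers, so the audit level (1) plus event log review is the usual first step.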
In summary, vigilance and prompt action are essential for organizations using the affected Office versions as they await a comprehensive fix for CVE-2024-38200.