0day in Office puts corporate data on the line

A patch is on the way, but until it lands, enterprise and home users alike are exposed.

Microsoft has disclosed an unpatched zero-day vulnerability in Office that can lead to unauthorized disclosure of sensitive information. The bug was also presented at the Def Con conference.

CVE-2024-38200 (CVSS score: 7.5) is an information disclosure flaw that lets an unauthorized attacker obtain protected data. The following Office versions are affected:
  • Microsoft Office 2016 for 32-bit and 64-bit systems;
  • Microsoft Office LTSC 2021 for 32-bit and 64-bit systems;
  • Microsoft 365 Apps for Enterprise for 32-bit and 64-bit systems;
  • Microsoft Office 2019 for 32-bit and 64-bit systems.

According to Microsoft, the bug can be used to gain access to sensitive data. In the attack scenario described in the advisory, an attacker hosts a website (or uses a compromised site) containing a specially crafted file designed to exploit the vulnerability.

The attack still requires user interaction: the victim has to open the crafted file, typically by following a link sent by email or instant message. An attacker cannot force a user onto the malicious site, but a convincing lure makes a successful attack likely if the user is not careful.

Microsoft plans to ship the official fix in the Patch Tuesday release on August 13, 2024. In the meantime, the company has already rolled out an interim protection via Feature Flighting on July 30, 2024. Users are nevertheless strongly encouraged to install the final update as soon as it is available.

The company also proposed three risk mitigation strategies:
  1. Configure the "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy, which controls (audits or blocks) outgoing NTLM authentication from Windows computers.
  2. Add users to the Protected Users security group, whose members cannot authenticate with NTLM at all (membership also disables weaker Kerberos encryption types and delegation, so it should be piloted before broad rollout).
  3. Block outgoing TCP 445/SMB traffic with perimeter firewalls, host firewalls, and VPN settings so that NTLM authentication messages cannot reach remote file shares outside the organization.
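The three mitigations applied on a single Windows host, as an added example (not code from the original article or from Microsoft's advisory). It assumes an elevated PowerShell session, the ActiveDirectory RSAT module for the Protected Users step, and placeholder user names, an internal server exception and RFC 1918 as the internal address plan; all of those are assumptions to replace with your own values. The NTLM policy is started in audit mode rather than deny so that legitimate NTLM use can be found first.

```powershell
# Added example, not from the original article or Microsoft's advisory:
# applies the three NTLM-coercion mitigations from the advisory on one
# Windows host. Run in an elevated PowerShell session. User names, the
# exception list and the internal address ranges are assumptions.
param(
    # Start in audit mode (1) to find legitimate NTLM use before switching
    # to deny (2). Values: 0 = allow all, 1 = audit all, 2 = deny all.
    [ValidateSet(0, 1, 2)] [int] $RestrictOutgoingNtlm = 1,
    # Accounts to add to Protected Users (assumed names, not from the article).
    [string[]] $ProtectedUserNames = @('alice', 'bob'),
    # Internal servers that may still receive NTLM once deny mode is on.
    [string[]] $NtlmServerExceptions = @('legacy-nas.corp.example')
)

# 1. "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers"
#    The GPO setting is backed by this registry value under MSV1_0.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
Set-ItemProperty -Path $lsaKey -Name 'RestrictSendingNTLMTraffic' -Value $RestrictOutgoingNtlm -Type DWord
# Exception list ("Add remote server exceptions for NTLM authentication")
# so that deny mode does not break known-good internal servers.
Set-ItemProperty -Path $lsaKey -Name 'ClientAllowedNTLMServers' -Value $NtlmServerExceptions -Type MultiString
Get-ItemProperty -Path $lsaKey | Select-Object RestrictSendingNTLMTraffic, ClientAllowedNTLMServers

# 2. Protected Users: members cannot authenticate with NTLM at all.
#    Needs the ActiveDirectory module and rights on the group. Do not add
#    service or computer accounts; members also lose RC4/DES Kerberos and
#    delegation, so pilot on a small group first.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    foreach ($name in $ProtectedUserNames) {
        $user = Get-ADUser -Filter "SamAccountName -eq '$name'" -ErrorAction SilentlyContinue
        if ($null -eq $user) { Write-Warning "No such user: $name"; continue }
        Add-ADGroupMember -Identity 'Protected Users' -Members $user
    }
} else {
    Write-Warning 'ActiveDirectory module not present; skipping Protected Users step.'
}

# 3. Block outbound TCP 445 to non-private addresses so a coerced SMB
#    connection to an Internet host never carries NTLM credentials.
#    Windows Firewall evaluates block rules before allow rules, so the block
#    is scoped to public ranges instead of blocking everything and trying
#    to re-allow internal subnets. Ranges are IPv4 minus RFC 1918
#    (10/8, 172.16/12, 192.168/16); adjust to your own address plan.
$publicRanges = @(
    '1.0.0.0-9.255.255.255',
    '11.0.0.0-172.15.255.255',
    '172.32.0.0-192.167.255.255',
    '192.169.0.0-223.255.255.255'
)
$ruleName = 'Block outbound SMB (TCP 445) to public addresses'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Action Block `
        -Protocol TCP -RemotePort 445 -RemoteAddress $publicRanges -Profile Any | Out-Null
}
Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallAddressFilter
```

In a domain, steps 1 and 3 are normally pushed through Group Policy rather than set per host; the registry value and firewall rule above are what that policy writes, which makes them convenient for verifying a host actually received it.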

Although Microsoft has not published further details about the bug, the suggested mitigations indicate that it can be used to coerce an outbound NTLM connection, for example to an SMB share on an attacker-controlled server. When that happens, Windows authenticates to the share automatically with the user's NTLM credentials: the challenge-response it sends (Net-NTLMv2) is derived from the user's password hash, and the attacker can capture it for offline cracking or relay it to another service that accepts NTLM.
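Detecting that coercion on the client side, as an added example (not from the original article): once the "Restrict NTLM: Outgoing NTLM traffic" policy is in audit or deny mode, LSA records every outbound NTLM authentication as event 8001 in the Microsoft-Windows-NTLM/Operational log, and a coerced connection to an attacker's SMB share shows up there as an NTLM attempt against a host that is neither on a private address nor under the corporate DNS suffix. The DNS suffix, the private-range definition and the event data field names (TargetName, ProcessName, ClientUserName) are assumptions.

```powershell
# Added example, not from the original article: list outgoing NTLM
# authentications recorded by the client-side audit policy and flag those
# aimed at hosts outside the corporate network, which is what a coerced
# connection to an attacker's SMB share looks like.
# Requires "Restrict NTLM: Outgoing NTLM traffic" set to Audit or Deny so
# that event 8001 is written to Microsoft-Windows-NTLM/Operational.
param(
    [string] $CorpDnsSuffix = '.corp.example',   # assumed internal DNS suffix
    [int]    $MaxEvents     = 500
)

# RFC 1918 check; other "internal" ranges (e.g. CGNAT) can be added here.
function Test-PrivateIPv4 {
    param([string] $Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref] $ip)) { return $false }
    if ($ip.AddressFamily -ne 'InterNetwork') { return $false }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# Event 8001 = "NTLM client blocked audit: outgoing NTLM authentication
# traffic to remote servers that would be blocked". The EventData field
# names used below are assumed from the event's XML rendering.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-NTLM/Operational'; Id = 8001
} -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

$results = foreach ($e in $events) {
    $xml  = [xml] $e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # TargetName is an SPN such as cifs/fileserver01 or cifs/203.0.113.10;
    # keep the host part and drop any port suffix.
    $target   = ($data['TargetName'] -split '/')[-1]
    $hostName = ($target -split ':')[0]

    # Single-label (NetBIOS) names are treated as internal; public IPs and
    # FQDNs outside the corporate suffix are flagged.
    $external = (-not (Test-PrivateIPv4 $hostName)) -and
                (-not ($hostName -like "*$CorpDnsSuffix")) -and
                ($hostName -match '\.')
    [pscustomobject]@{
        Time    = $e.TimeCreated
        User    = $data['ClientUserName']
        Process = $data['ProcessName']
        Target  = $data['TargetName']
        Suspect = $external
    }
}

$results | Where-Object Suspect | Sort-Object Time -Descending | Format-Table -AutoSize
```

The Process column is the useful pivot: an Office binary (WINWORD.EXE, EXCEL.EXE) authenticating with NTLM to an external host right after a user opened a downloaded document is exactly the pattern the advisory's mitigations are meant to stop. Note that a bare single-label target can still be attacker-controlled via poisoned name resolution, so the heuristic is a starting filter, not a verdict.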

Earlier, in June, Elastic Security Labs identified a new Windows attack technique dubbed GrimResource, which abuses specially crafted MSC (Microsoft Saved Console) files together with an unpatched XSS vulnerability in Windows to execute code through the Microsoft Management Console (MMC).
