Microsoft reveals Office security flaw that has not yet been patched

No Comments
Microsoft 365 Office 365

Various versions of Microsoft Office have a serious security vulnerability which could expose sensitive data to an attacker. Worryingly, while disclosing the flaw, Microsoft has also conceded that there is no patch available.

The issue is being tracked as CVE-2024-38200 and it affects a variety of edition of the office suite -- namely the 32- and 64-bit versions of Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021, and Microsoft 365 Apps for Enterprise. While there is no fix available right now, one is expected in the coming days.

See also:

The flaw is described as a spoofing vulnerability and has been given a CVSS score of 7.5. But while the security has a fairly high severity rating, Microsoft is trying to play down the likelihood of it being exploited.

Writing about the issue, the company says:

In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability.

However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

Until a fix is produced, Microsoft suggests three means of mitigating the flaw:

  • Configuring the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting provides the ability to allow, block, or audit outgoing NTLM traffic from a computer running Windows 7, Windows Server 2008, or later to any remote server running the Windows operating system
  • Add users to the Protected Users Security Group, which prevents the use of NTLM as an authentication mechanism
  • Block TCP 445/SMB outbound from the network by using a perimeter firewall, a local firewall, and via VPN settings to prevent the sending of NTLM authentication messages to remote file shares

Image credit: rafapress / despoitphotos

No Comments
Got News? Contact Us

Recent Headlines

Attacks on manufacturing companies up 105 percent

Apple unveils AirPods 4 and introduces hearing health features in AirPods Pro 2

Apple Watch Series 10 debuts alongside Apple Watch Ultra 2 in black titanium

Forget Google Pixel 9 Pro, Apple iPhone 16 Pro is the AI smartphone you really want

Apple launches iPhone 16 with advanced A18 chip, enhanced camera features and Apple Intelligence

ADATA launches XPG LANCER NEON RGB DDR5 gaming memory

DoorDash partners with Magnolia Bakery to deliver exclusive new banana pudding flavor through DashMart

Most Commented Stories

Forget Windows 11, the stunning Windows 10 2024 Edition is the operating system you want

34 Comments

10 shocking reasons Windows 10 outshines Windows 11

22 Comments

Rectify11 update arrives to fix Windows 11 -- download it now

18 Comments

Forget TeamViewer, RustDesk is the open-source alternative you've been looking for

15 Comments

Microsoft is testing a change to the Windows 11 Start menu that you might actually like

14 Comments

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.6.1

14 Comments

Forget Microsoft Windows 11, the Chinese-made deepin Linux 23 is the operating system you really want

12 Comments

Goodbye Windows 11, hello Linux: Discover how ExTiX Deepin 24.8 can free your computer from Microsoft

11 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.