Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure

Information:

  Microsoft 365 is a product family of productivity software, collaboration and cloud-based services owned by Microsoft. It encompasses online services such as Outlook.com, OneDrive, Microsoft Teams, programs formerly marketed under the name Microsoft Office (including applications such as Word, Excel, PowerPoint, and Outlook on Microsoft Windows, macOS, mobile devices, and on the web), enterprise products and services associated with these products such as Exchange Server, SharePoint, and Viva Engage. It also covers subscription plans encompassing these products, including those that include subscription-based licenses to desktop and mobile software, and hosted email and intranet services.

Incident:

  Microsoft disclosed a high-severity zero-day vulnerability, tracked as CVE-2024-38200, which affects multiple versions of Microsoft Office, including Office 2016, Office 2019, Office LTSC 2021, and Microsoft 365 Apps for Enterprise.

  CVE-2024-38200 is categorized as a spoofing vulnerability within Microsoft Office. Spoofing vulnerabilities typically involve manipulating the interface or behavior of a software component so that users or systems accept a deceptive file, request, or user as legitimate. In this case, the vulnerability allows unauthorized disclosure of sensitive information, potentially giving malicious actors access to critical data such as system configuration, network status, or even personal user information.

  In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

  However, an attacker has no way to force the user to visit the website. Instead, the attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant-messenger message, and then convince the user to open the specially crafted file.

The vulnerability impacts a wide array of Microsoft Office products:

  • Microsoft Office 2016 (32-bit and 64-bit)
  • Microsoft Office 2019 (32-bit and 64-bit)
  • Microsoft Office LTSC 2021 (32-bit and 64-bit)
  • Microsoft 365 Apps for Enterprise (32-bit and 64-bit)

Securing Your Systems While Awaiting a Patch: Proactive Mitigation Tactics

  • Restrict NTLM Traffic: Limiting or blocking NTLM traffic is crucial. It minimizes the risk of sensitive data being exposed by controlling unauthorized transmissions.
  • Protected Users Group: Adding users to the Protected Users Security Group strengthens defenses by disabling NTLM as an authentication method, reducing vulnerabilities.
  • Block TCP 445/SMB: By blocking outbound traffic on TCP port 445, you cut off NTLM authentication messages to remote servers, effectively shrinking the potential attack surface.
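The three interim mitigations above, applied from an elevated PowerShell session, as an added example that is not part of the original advisory. It assumes a domain-joined Windows host with the built-in NetSecurity module and the RSAT ActiveDirectory module available, and the user names in $UsersToProtect are constructed placeholders.

```powershell
# Added example: interim hardening for CVE-2024-38200 (NTLM hash exposure).
# Assumptions: elevated session, NetSecurity module (built in), RSAT ActiveDirectory
# module for the Protected Users step. $UsersToProtect holds placeholder accounts.
$UsersToProtect = @('PLACEHOLDER-user1', 'PLACEHOLDER-user2')
$AuditOnly = $true   # start in audit mode; set $false to enforce once the audit log is clean

# 1. Restrict outgoing NTLM traffic to remote servers.
#    Same setting as GPO "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers".
#    1 = Audit all (events land in the Microsoft-Windows-NTLM/Operational log), 2 = Deny all.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$mode = if ($AuditOnly) { 1 } else { 2 }
Set-ItemProperty -Path $lsaKey -Name 'RestrictSendingNTLMTraffic' -Value $mode -Type DWord

# 2. Protected Users: members of this group cannot authenticate with NTLM at all.
foreach ($user in $UsersToProtect) {
    Add-ADGroupMember -Identity 'Protected Users' -Members $user
}

# 3. Block outbound TCP 445 so SMB-carried NTLM authentication never leaves the host.
#    Narrow the rule with -RemoteAddress if internal file shares must keep working.
$ruleName = 'Block outbound SMB (CVE-2024-38200 interim)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Protocol TCP `
        -RemotePort 445 -Action Block -Profile Any
}

# Verify what was applied.
Get-ItemProperty -Path $lsaKey -Name 'RestrictSendingNTLMTraffic' |
    Select-Object RestrictSendingNTLMTraffic
Get-NetFirewallRule -DisplayName $ruleName |
    Select-Object DisplayName, Enabled, Direction, Action
Get-ADGroupMember -Identity 'Protected Users' | Select-Object SamAccountName
```

Review the NTLM operational log for a few days in audit mode before switching $AuditOnly to $false, since any legitimate outbound NTLM use will fail once the setting is enforced.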


Security systems are the important thing. We must stay vigilant and keep monitoring as usual.
For more information please contact:
Email: sales@inetms.co.th
065 149 2822 (Ms. Suphatson)
063 204 4534 (Ms. Atsamaphorn)
065 929 6330 (Ms. Kansinee)


References:

  - https://nexsecura.com/blog/cve-2024-38200-microsoft-office-vulnerability/
  - https://thehackernews.com/2024/08/microsoft-warns-of-unpatched-office.html
  - https://www.bleepingcomputer.com/news/security/microsoft-discloses-unpatched-office-flaw-that-exposes-ntlm-hashes/
  - https://medium.com/@nexsecura/unpacking-cve-2024-38200-a-critical-office-vulnerability-you-cant-ignore-3924b61c3258

Weekly Interesting CVE

Columns: No. | CVE Name | Published Date | Last Update | Device/Application/OS Target | Attack Type | CVSS Severity Rating | Detail | Solution | Reference

1. CVE-2024-38182
   Published: 31/07/2024 | Last update: 02/08/2024
   Target: Microsoft Dynamics 365
   Attack type: Elevation of Privilege
   CVSS: 9
   Detail: Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.
   Solution: Fixed by the provider.
   Reference: https://nvd.nist.gov/vuln/detail/cve-2024-38182

2. CVE-2024-6915
   Published: 05/08/2024 | Last update: 05/08/2024
   Target: JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, and 7.55.18
   Attack type: Cache Poisoning
   CVSS: 9.3
   Detail: Vulnerable to Improper Input Validation that could potentially lead to Cache Poisoning.
   Solution: Update to the latest version.
   Reference: https://cvefeed.io/vuln/detail/CVE-2024-6915

3. CVE-2019-6198
   Published: 31/07/2024 | Last update: 01/08/2024
   Target: Lenovo PC Manager prior to version 2.8.90.11211
   Attack type: Elevation of Privilege
   CVSS: 7.8
   Detail: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17.
   Solution: Update to the latest version.
   Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-6198

4. CVE-2024-7397
   Published: 05/08/2024 | Last update: 06/08/2024
   Target: Korenix JetPort 5601v3 / 1.2
   Attack type: Command Injection
   CVSS: 9.3
   Detail: Improper filtering of special characters results in a command injection vulnerability in Korenix JetPort 5601v3. This issue affects JetPort 5601v3: through 1.2.
   Solution: None. Device is End-of-Life.
   Reference: https://cyberdanube.com/de/en-multiple-vulnerabilities-in-korenix-jetport/

5. CVE-2024-38206
   Published: 07/08/2024 | Last update: 07/08/2024
   Target: Microsoft Copilot Studio
   Attack type: Server-Side Request Forgery (SSRF)
   CVSS: 8.5
   Detail: An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.
   Solution: Fixed by the provider.
   Reference: https://www.cvedetails.com/cve/CVE-2024-38206/

Malware News or Campaign IOC/IOA | EN

Columns: No | Campaign Name | Detection Date | Attack Type | Description | Mitigation/Remediation

1. Zero-Day Flaw in Apache OFBiz ERP
   Detection date: 06/08/2024
   Attack type: Remote Code Execution (RCE)
   Description: A critical zero-day vulnerability in Apache OFBiz ERP has been disclosed, allowing remote code execution. Tracked as CVE-2024-38856, this pre-authentication vulnerability affects Apache OFBiz versions before 18.12.15. It stems from a flaw in the authentication mechanism, allowing unauthenticated users to access functions that should require authentication. This flaw can be exploited to execute arbitrary code remotely.
   Mitigation/Remediation:
     • Upgrade to Apache OFBiz version 18.12.15 or later
   Ref: https://thehackernews.com/2024/08/new-zero-day-flaw-in-apache-ofbiz-erp.html

19 August 2024
