Office Spoofing Vulnerability Allows Attackers to Execute Malicious Code

Summary

The Office Spoofing Vulnerability (CVE-2024-38200) has been discovered and exploited in Microsoft Office 2016, Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, and Microsoft Office 2019. It is a zero-day flaw that allows unauthorized disclosure of sensitive information when successfully exploited. The exploit can be enacted through a specially crafted file hosted on a compromised or attacking website, and would generally require user interaction to be successful. A patch is expected on August 13, but a mitigation solution has been identified and implemented. Microsoft is also working on addressing two other zero-day vulnerabilities. This could be part of a larger trend of zero-day exploits targeting Microsoft software, underscoring the importance of timely patching and security awareness.

News Articles

Help Net Security

CVE-2024-38200CVE-2024-28986

Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unpatched MS Office flaw may leak NTLM hashes to

1 month ago

ABP Live

CVE-2024-38200

Microsoft Issues Warning For MS Office Users: Critical Security Vulnerability Spotted, Update To Be Rolled Out Today

The vulnerability, designated as CVE-2024-38200, has been assigned a severity rating of 7.5 on the Common Vulnerability Scoring System (CVSS) scale.

1 month ago

Help Net Security

CVE-2024-38200

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) - Help Net Security

A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab users' NTLM hashes.

1 month ago

More News...