Office Spoofing Vulnerability Allows Attackers to Execute Malicious Code
Key Information
- Vendor: Microsoft
- Status
- Microsoft Office 2019
- Microsoft 365 Apps For Enterprise
- Microsoft Office LTSC 2021
- Microsoft Office 2016
- CVE Published: 12 August 2024
Summary
The Office Spoofing Vulnerability (CVE-2024-38200) has been discovered and exploited in Microsoft Office 2016, Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, and Microsoft Office 2019. It is a zero-day flaw that, when successfully exploited, allows unauthorized disclosure of sensitive information. Exploitation relies on a specially crafted file hosted on a compromised or attacker-controlled website and generally requires user interaction to succeed. A patch is expected on August 13, but a mitigation has already been identified and implemented. Microsoft is also working to address two other zero-day vulnerabilities. This could be part of a larger trend of zero-day exploits targeting Microsoft software, underscoring the importance of timely patching and security awareness.
Affected Version(s)
Microsoft Office 2019 < 19.0.0
Microsoft 365 Apps for Enterprise < 16.0.1
Microsoft Office LTSC 2021 < 16.0.1
News Articles
Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unpatched MS Office flaw may leak NTLM hashes to
1 month ago
Microsoft Issues Warning For MS Office Users: Critical Security Vulnerability Spotted, Update To Be Rolled Out Today
The vulnerability, designated as CVE-2024-38200, has been assigned a severity rating of 7.5 on the Common Vulnerability Scoring System (CVSS) scale.
1 month ago
Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) - Help Net Security
A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab users' NTLM hashes.
1 month ago
CVSS V3.1
Timeline
- Exploit exists.
- Risk change from 7.5 to 6.5 (MEDIUM)
- Vulnerability published.
- First article discovered by News.de
- Vulnerability Reserved.