Urgent: Unpatched Microsoft Office Flaw Risks Data Exposure

Microsoft has issued a warning about an unpatched zero-day vulnerability affecting multiple versions of its Office suite, potentially enabling malicious actors to gain access to sensitive data.

The vulnerability, tracked as CVE-2024-38200 with a CVSS score of 7.5, has been classified as a spoofing flaw. This means that attackers could trick users into opening malicious files, potentially leading to unauthorised data disclosure.

The affected versions of Office are:

Microsoft Office 2016 (32-bit and 64-bit)
Microsoft Office LTSC 2021 (32-bit and 64-bit)
Microsoft 365 Apps for Enterprise (32-bit and 64-bit)
Microsoft Office 2019 (32-bit and 64-bit)

Researchers Jim Rush and Metin Yunus Kandemir are credited with discovering and reporting the vulnerability.

In a potential attack scenario, attackers could create a website containing a specially crafted file designed to exploit the flaw. They could then entice users to click a link leading to the website, tricking them into opening the malicious file.

While a formal patch for CVE-2024-38200 is expected to be released on 13 August as part of Microsoft's monthly Patch Tuesday updates, the tech giant has already implemented an alternative fix via Feature Flighting since 30 July.

Despite this, Microsoft advises users to install the final patched version when it becomes available for optimal protection. While all currently supported versions of Microsoft Office and Microsoft 365 are already protected by the Feature Flighting fix, applying the formal patch remains essential.

To mitigate the risk until the patch is released, Microsoft suggests the following mitigation:

Block outbound TCP port 445 (SMB) traffic: this can be enforced with a perimeter firewall, a local firewall, or VPN settings. It prevents NTLM authentication messages from being sent to remote file shares.
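As an added example of the local-firewall part of this mitigation (not code from the article or from Microsoft), the following PowerShell, run as an administrator on a Windows host, creates an outbound block rule for TCP 445 and verifies it. The rule name and the choice to scope the block to the "Internet" address keyword, so that SMB to on-premises file servers keeps working, are this example's assumptions; use -RemoteAddress Any for a blanket block.

```powershell
# Assumed rule name; adjust to match local naming conventions.
$RuleName = 'Block Outbound SMB (CVE-2024-38200 mitigation)'

# Only create the rule if it does not already exist (idempotent for GPO/scripted rollout).
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule `
        -DisplayName   $RuleName `
        -Description   'Prevents NTLM authentication messages being sent to remote SMB shares.' `
        -Direction     Outbound `
        -Protocol      TCP `
        -RemotePort    445 `
        -RemoteAddress Internet `   # Assumption: block only non-local destinations. Use Any to block all.
        -Action        Block `
        -Profile       Any `
        -Enabled       True | Out-Null
}

# Verification: confirm the rule is enabled and carries the expected port and action.
$rule = Get-NetFirewallRule -DisplayName $RuleName
$port = $rule | Get-NetFirewallPortFilter
$addr = $rule | Get-NetFirewallAddressFilter

[PSCustomObject]@{
    Rule      = $rule.DisplayName
    Enabled   = $rule.Enabled
    Direction = $rule.Direction
    Action    = $rule.Action
    Protocol  = $port.Protocol
    Port      = $port.RemotePort
    Remote    = $addr.RemoteAddress
} | Format-List
```

Windows Firewall evaluates block rules before allow rules, so an internal share cannot be re-allowed later with a separate allow rule; scope the block rule's remote addresses correctly at creation time instead.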

The disclosure of this vulnerability comes as Microsoft is also addressing two other zero-day flaws (CVE-2024-38202 and CVE-2024-21302) which could be exploited to "unpatch" up-to-date Windows systems, potentially reintroducing old vulnerabilities.

These vulnerabilities highlight the constant need for vigilant security practices. Users and organisations are advised to stay updated with the latest security patches and maintain strong security measures to protect against potential threats.
