Understanding the Microsoft Office Vulnerability
Microsoft has recently disclosed a zero-day vulnerability in its Office suite, which could potentially lead to unauthorized access to sensitive information. This flaw, identified as CVE-2024-38200, has been given a CVSS score of 7.5, indicating a high level of severity. This vulnerability is particularly concerning as it affects multiple versions of Office software, including:
- Microsoft Office 2016 for both 32-bit and 64-bit editions
- Microsoft Office LTSC 2021 for 32-bit and 64-bit editions
- Microsoft 365 Apps for Enterprise
- Microsoft Office 2019 for 32-bit and 64-bit editions
What Does Zero-Day Mean?
The term zero-day refers to a newly discovered software vulnerability that hackers can exploit before the software maker has a chance to create a fix. In this case, the vulnerability exists in Microsoft Office and could be used by attackers to trick users into revealing sensitive information.
How the Vulnerability Works
In a typical scenario, an attacker might create a malicious website designed to exploit this vulnerability. They would then need to convince a user to visit this website and open a specially crafted file. This might be done through an email or instant message. Fortunately, the attacker cannot force users to visit these sites; they must rely on social engineering tactics to succeed.
Mitigation and Protection Strategies
Microsoft has outlined several strategies to mitigate the risk of this vulnerability:
- Restrict NTLM Traffic: Configure policies to allow, block, or audit NTLM traffic—a protocol used for network authentication—to prevent unauthorized access.
- Protected Users Security Group: Add users to this group to block NTLM authentication, providing an additional layer of security.
- Block TCP 445/SMB Outbound Traffic: Use firewalls and VPN settings to block certain types of network traffic that could be used to exploit the vulnerability.
These measures can help protect systems until a formal patch is released.
Patch Release and Future Updates
Microsoft plans to release a comprehensive patch on August 13. In the meantime, they have implemented a temporary fix as of July 30, 2024, to protect users. It is crucial for users to apply the upcoming patch to ensure maximum security.
In addition to CVE-2024-38200, Microsoft is also addressing other vulnerabilities (CVE-2024-38202 and CVE-2024-21302), which could potentially undo updates on Windows systems. Elastic Security Labs has highlighted various methods attackers use to bypass protective measures like Windows Smart App Control, emphasizing the importance of staying updated with security patches.
