Microsoft has revealed a potentially disruptive flaw discovered in versions of its Office software suite that may allow malicious actors to access sensitive information.
The flaw is described as an information disclosure weakness and is tracked as CVE-2024-38200. It affects both 32-bit and 64-bit versions of the product, including Office 2016, Office 2019, Office LTSC 2021, and Microsoft 365 Apps for Business.
Microsoft says malicious actors are unlikely to exploit the flaw, because it requires significant interaction from the victim and mostly affects older versions of Office that few people use these days.
“In an Internet attack scenario, an attacker can simply host an Internet site (or exploit a compromised Internet site that accepts or hosts user-provided content) that contains a particular record designed to exploit the vulnerability,” Microsoft said in its advisory.
“However, an attacker would have no way to force the user to make a stop on the website. Instead, an attacker would have to convince the user to click on a link, using an incentive in an email or instant messaging message, and then convince the user to open the specially crafted file.”
While this is a lot of work, we have seen malicious actors carry out even more complex attacks that require victims to take multiple actions.
In any case, Microsoft patched the vulnerability through Feature Flighting on July 30, BleepingComputer reports.
“No, we are aware of a workaround for this factor that we enabled through Feature Flighting on 07/30/2024,” says the updated CVE-2024-38200 advisory. “Customers already have all supported versions of Microsoft Office and Microsoft 365. Customers still deserve to upgrade to the August 13, 2024 updates for the final patch release.”
The problem can also be mitigated by blocking outbound NTLM traffic to remote servers. More details about the mitigation measure can be found here.
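As an added illustration (not taken from Microsoft's advisory or the original article), the PowerShell below checks and sets the Windows policy "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers", which is one way to apply the outbound NTLM block mentioned above. The function names are hypothetical, and the script assumes an elevated session on a machine where the setting is not already enforced by domain Group Policy.

```powershell
# Added example: audit or block outgoing NTLM via the local security policy value.
# Function names are illustrative, not part of any Microsoft tooling.
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$ValueName = 'RestrictSendingNTLMTraffic'   # 0 = Allow all, 1 = Audit all, 2 = Deny all
$Meaning   = @{ 0 = 'Allow all'; 1 = 'Audit all'; 2 = 'Deny all' }

function Get-OutboundNtlmPolicy {
    # A missing value means the policy is not configured, which behaves as "Allow all".
    $item = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    $raw  = if ($null -ne $item) { [int]$item.$ValueName } else { 0 }
    [pscustomobject]@{
        Value    = $raw
        Setting  = $Meaning[$raw]
        Blocking = ($raw -eq 2)
    }
}

function Set-OutboundNtlmPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Start with Audit to see what would break before switching to Deny.
        [ValidateSet('Audit', 'Deny')][string]$Mode = 'Audit'
    )
    $value = if ($Mode -eq 'Deny') { 2 } else { 1 }
    if ($PSCmdlet.ShouldProcess($LsaKey, "Set $ValueName = $value")) {
        Set-ItemProperty -Path $LsaKey -Name $ValueName -Value $value -Type DWord
    }
}

function Get-OutboundNtlmAuditHits {
    # Event 8001 in the NTLM operational log records outgoing NTLM
    # authentication that the Deny setting would have blocked.
    param([int]$MaxEvents = 50)
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-NTLM/Operational'
        Id      = 8001
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

# Report the current state; change it explicitly, e.g.:
#   Set-OutboundNtlmPolicy -Mode Audit -WhatIf
Get-OutboundNtlmPolicy
```

Running in Audit mode first and reviewing the 8001 events shows which remote servers still rely on NTLM, so they can be migrated or added as exceptions before Deny is enforced.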
Sead is an experienced freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, legislation, and regulations). During his career, spanning more than a decade, he has written for media outlets, including Al Jazeera Balkans. He has also facilitated several modules on content writing for Represent Communications.
TechRadar is part of Future US Inc., an international media group and leading digital publisher.