When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
Microsoft has recently disclosed a potentially serious security flaw in its widely-used Office software suite that could allow attackers to access sensitive information. This vulnerability, identified as CVE-2024-38200, affects both 32-bit and 64-bit versions of Office, including Office 2016, Office 2019, Office LTSC 2021, and Microsoft 365 Apps for Enterprise.
The flaw is categorized as an “information disclosure weakness,” which, while concerning, may not be as alarming as it sounds. Microsoft has downplayed the likelihood of this vulnerability being exploited, noting that it would require significant interaction from the victim. The company also emphasized that the flaw mainly impacts older Office versions, which many users no longer use.
How the Vulnerability Could Be Exploited
In a web-based attack scenario, an attacker could theoretically host a malicious website or compromise an existing one to deliver a specially crafted file designed to exploit this vulnerability. However, the attacker cannot force users to visit this site. Instead, they would need to persuade the user to click on a link—usually through an email or instant message—and then convince them to open the file.
While this attack chain might seem cumbersome, it’s important to remember that cybercriminals have successfully executed even more complex schemes in the past. That said, the likelihood of this particular flaw being widely exploited remains low, especially given the steps required for it to succeed.
Microsoft’s Response
To address the issue, Microsoft implemented a fix through a process known as “Feature Flighting” on July 30, 2024, according to a report from BleepingComputer. This method allowed Microsoft to deploy the fix without requiring immediate user action.
Microsoft’s updated advisory on CVE-2024-38200 reassures users that they are already protected on all supported versions of Microsoft Office and Microsoft 365. However, the company still advises users to apply the upcoming August 13, 2024 updates to receive the final version of the fix.
For those who are unable to apply the patch immediately, Microsoft recommends a workaround: blocking outbound NTLM traffic to remote servers. Detailed instructions for this mitigation can be found on Microsoft’s support site.
While the discovery of this vulnerability is noteworthy, Microsoft’s swift response and the low likelihood of exploitation mean that most users can breathe easy. As always, staying vigilant and keeping your software up to date is the best way to protect yourself from potential threats.
