Microsoft warns of unpatched Office vulnerability leading to data disclosure

August 10, 2024 | Ravi Lakshmanan | Vulnerability / Enterprise Security

Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could lead to the unauthorized disclosure of sensitive information to attackers.

The vulnerability, tracked as CVE-2024-38200 (CVSS score: 7.5), has been described as a spoofing flaw that affects the following versions of Office:

  • Microsoft Office 2016 for 32-bit and 64-bit versions
  • Microsoft Office LTSC 2021 for 32-bit and 64-bit
  • Microsoft 365 apps for business for 32-bit and 64-bit systems
  • Microsoft Office 2019 for 32-bit and 64-bit versions

Researchers Jim Rush and Metin Yunus Kandemir are credited with discovering and reporting the vulnerability.


“In a web-based attack scenario, an attacker could host a website (or use a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability,” Microsoft said in an advisory.

“However, there would be no way for an attacker to force a user to visit a website. Instead, an attacker would have to convince the user to click on a link, typically through a lure in an email or Instant Messenger message, and then convince the user to open a specially crafted file.”

The official patch for CVE-2024-38200 is expected to ship on August 13 as part of Microsoft's monthly Update Tuesday release, but the tech giant said it has identified an alternative fix that it has included via Feature Flighting as of July 30, 2024.

It also notes that while customers are already protected in all supported versions of Microsoft Office and Microsoft 365, it is critical to update to the final version of the patch when it becomes available in a few days for optimal protection.

Microsoft, which listed the flaw as “Least Likely to Exploit,” outlined three mitigation strategies:

  • Block outbound TCP 445/SMB from the network using a perimeter firewall, local firewall, and VPN settings to prevent NTLM authentication messages from being sent to remote shares
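
One way to check that this mitigation is actually in effect on a host is to review its firewall log for outbound TCP 445 connections to addresses outside the organization. The following is an added example, not code from Microsoft or from the original article; it assumes Windows Firewall logging is enabled in the standard `pfirewall.log` layout, and the internal address ranges and sample log lines are constructed for illustration.

```python
import ipaddress

# Assumption: these ranges count as "internal"; replace with your address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# Constructed sample in the Windows Firewall log (pfirewall.log) layout.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-08-10 09:14:02 ALLOW TCP 10.1.4.23 10.1.0.5 49811 445 0 - 0 0 0 - - - SEND
2024-08-10 09:14:07 ALLOW TCP 10.1.4.23 203.0.113.7 49812 445 0 - 0 0 0 - - - SEND
2024-08-10 09:14:09 DROP TCP 10.1.4.23 198.51.100.20 49813 445 0 - 0 0 0 - - - SEND
2024-08-10 09:14:11 ALLOW TCP 10.1.4.23 203.0.113.7 49814 443 0 - 0 0 0 - - - SEND
2024-08-10 09:14:15 ALLOW TCP 198.51.100.9 10.1.4.23 51000 445 0 - 0 0 0 - - - RECEIVE
"""

def is_internal(addr):
    """True if addr falls inside one of the configured internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def external_smb_egress(log_text):
    """Return (allowed, blocked) outbound TCP/445 records to external hosts."""
    fields, allowed, blocked = None, [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names follow the tag
            continue
        if not line.strip() or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                       # skip truncated or malformed rows
        rec = dict(zip(fields, parts))
        if (rec["protocol"], rec["dst-port"], rec["path"]) != ("TCP", "445", "SEND"):
            continue                       # only outbound SMB is of interest
        try:
            if is_internal(rec["dst-ip"]):
                continue                   # internal file servers are expected
        except ValueError:
            continue                       # unparseable destination address
        (allowed if rec["action"] == "ALLOW" else blocked).append(rec)
    return allowed, blocked

if __name__ == "__main__":
    ok, dropped = external_smb_egress(SAMPLE_LOG)
    print("allowed external SMB:", [r["dst-ip"] for r in ok])
    print("blocked external SMB:", [r["dst-ip"] for r in dropped])
```

Any record in the allowed list means SMB, and with it NTLM authentication traffic, can still leave the host for an external share; records in the blocked list show the rule doing its job.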

The disclosure comes as Microsoft said it is working to address two zero-day flaws (CVE-2024-38202 and CVE-2024-21302) that can be used to “unpatch” modern Windows systems and reintroduce older vulnerabilities.

Earlier this week, Elastic Security Labs lifted the lid on various methods attackers can use to run malware without triggering Windows Smart App Control and SmartScreen warnings, including a technique called LNK stomping that’s been in the wild for more than six years.
