Microsoft urges updates for Office vulnerability allowing NTLM hash and login data theft
Microsoft has reported a critical vulnerability in Microsoft Office, tracked as CVE-2024-38200, which could enable remote attackers to obtain NTLM hashes. The flaw impacts Office 2016, Office 2019, Office LTSC 2021, and Microsoft 365 Apps for Enterprise on both 32-bit and 64-bit systems. While Microsoft downplays the risk, MITRE considers it highly exploitable. Attackers can exploit the vulnerability through web-based attacks, hosting malicious files on websites and tricking users into opening them via links sent in emails or instant messages.
Microsoft is releasing fixes for its Office suite and urges users to update their systems promptly. To mitigate the risk in the meantime, it advises blocking outbound NTLM traffic to remote servers through group policy, adding users to the Protected Users Security Group, or blocking outbound traffic to TCP port 445, though these measures might affect legitimate access.
The vulnerability allows attackers to force outbound NTLM connections. This lets them capture NTLM hashes and crack them to recover login credentials, and it facilitates NTLM relay attacks similar to ShadowCoerce and PetitPotam.
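To check whether the three mitigations listed above are in place on a Windows host, a read-only audit like the following can be used. This is an added example, not code from Microsoft or from the article. It assumes an elevated PowerShell session on a domain-joined machine with the RSAT ActiveDirectory module installed, and the account names at the end are hypothetical.

```powershell
# Added example: read-only audit of the mitigations named in the article.
# Nothing here changes configuration; it only reports current state.

function Get-OutboundNtlmPolicy {
    # Registry value behind the policy "Network security: Restrict NTLM:
    # Outgoing NTLM traffic to remote servers" (0 = allow, 1 = audit, 2 = deny).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    $val = (Get-ItemProperty -Path $key -Name RestrictSendingNTLMTraffic `
            -ErrorAction SilentlyContinue).RestrictSendingNTLMTraffic
    if     ($val -eq 2) { 'DenyAll' }
    elseif ($val -eq 1) { 'AuditAll' }
    else                { 'AllowAll' }   # value absent or 0
}

function Test-OutboundSmbBlocked {
    # True when an enabled outbound Block rule lists remote TCP port 445.
    # Limitation: port ranges (e.g. "400-500"), firewall profiles and
    # remote-address scoping are not evaluated; review matching rules by hand.
    $rules = Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True `
             -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallPortFilter
        if ($filter.Protocol -eq 'TCP' -and $filter.RemotePort -contains '445') {
            return $true
        }
    }
    return $false
}

function Get-UsersOutsideProtectedUsers {
    # Returns the supplied accounts that are NOT members of Protected Users.
    param([Parameter(Mandatory)][string[]]$SamAccountName)
    Import-Module ActiveDirectory -ErrorAction Stop
    $members = Get-ADGroupMember -Identity 'Protected Users' -Recursive |
               Select-Object -ExpandProperty SamAccountName
    $SamAccountName | Where-Object { $_ -notin $members }
}

[pscustomobject]@{
    OutboundNtlmPolicy    = Get-OutboundNtlmPolicy
    OutboundSmb445Blocked = Test-OutboundSmbBlocked
}

# Hypothetical account names; replace with the privileged accounts to review.
Get-UsersOutsideProtectedUsers -SamAccountName 'admin.alice', 'admin.bob'
```

A result of `AuditAll` means outbound NTLM is only being logged, which is a useful first step for finding legitimate NTLM dependencies before moving to `DenyAll`.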
