August 10, 2024 at 12:28PM
Microsoft disclosed a high-severity vulnerability affecting multiple Office versions, including Office 2016 and Microsoft 365 Apps for Enterprise. Tracked as CVE-2024-38200, the flaw allows unauthorized access to protected information. Although Microsoft is developing security updates, an alternative fix has been released. Blocking outbound NTLM traffic is recommended as a mitigation.
After reviewing the meeting notes, here are the key takeaways:
– Microsoft has announced a high-severity vulnerability, CVE-2024-38200, affecting Office 2016 and other Office versions, which could expose NTLM hashes to remote attackers.
– The vulnerability impacts multiple Office versions, including Office 2016, Office 2019, Office LTSC 2021, and Microsoft 365 Apps for Enterprise.
– Mitre has indicated a high likelihood of exploitation for this vulnerability.
– Microsoft has identified a fix for CVE-2024-38200 and has released it through Feature Flighting on 7/30/2024.
– Customers are advised to update to the August 13, 2024 updates for the final version of the fix.
– Microsoft recommends mitigating the vulnerability by blocking outbound NTLM traffic to remote servers, which could potentially prevent legitimate access to servers relying on NTLM authentication.
– Microsoft attributed the discovery of the vulnerability to security consultant Jim Rush and Synack Red Team member Metin Yunus Kandemir.
– Rush is expected to disclose more information about the vulnerability in his upcoming “NTLM – The last ride” Defcon talk.
– Microsoft is also working on patching zero-day flaws that could be exploited to “unpatch” up-to-date Windows systems and reintroduce old vulnerabilities.
Please let me know if there is anything else you need assistance with.