Microsoft has disclosed a critical security flaw in its Office software that could expose sensitive user information to cyber attackers. Tracked as CVE-2024-38200 and rated 7.5 on the Common Vulnerability Scoring System (CVSS) scale, the vulnerability allows hackers to impersonate users and access sensitive data. The flaw was discovered by security researchers Jim Rush and Metin Yunus Kandemir, who subsequently reported it to Microsoft.
The vulnerability can be exploited by malicious files disguised as legitimate documents. Attackers typically trick users into opening these harmful files, which can be sent via email or instant messaging. In a web-based attack scenario, an attacker can host a website or use a compromised site to send these specially crafted files. However, the attacker would still need to convince the user to visit the site and open the file, making social engineering tactics a likely method of exploiting this flaw.
Microsoft has acknowledged the severity of the vulnerability and has implemented a temporary fix. A permanent patch is scheduled to be released on August 13, as part of Microsoft’s regular security update cycle. Affected versions of the software include: Microsoft Office 2016, Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, and Microsoft Office 2019, all for 32-bit and 64-bit editions.
Users are strongly advised to be careful when handling Office documents from unknown or untrusted sources and to apply the official patch as soon as it is available. While users of supported versions of Microsoft Office and Microsoft 365 are currently protected, updating to the final version of the patch when it is released is critical to ensure complete security against this vulnerability.