Microsoft Office Critical ZeroDay Vulnerability - 20241004001

Overview

The WA SOC has been made aware of a ZeroDay Microsoft Office spoofing vulnerability with proof-of-concept (PoC) available. This vulnerability, if successfully exploited, will allow attackers to capture sensitive authentication data, such as NTLMv2 hashes, potentially leading to unauthorized access.

What is vulnerable?

Product(s) Affected	Version(s)	CVE	CVSS	Severity
Microsoft Office 2016 Microsoft Office LTSC 2021 Microsoft 365 Apps for Enterprise Microsoft Office 2019	both x86 and x64 editions	CVE-2024-38200	9.1	Critical

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours... (refer Patch Management):

• Microsoft advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38200

Additional References

• Securityonline: https://securityonline.info/0-day-flaw-cve-2024-38200-in-microsoft-office-exposes-ntlmv2-hashes-poc-exploit-released/