Explorer

Microsoft Issues Warning For MS Office Users: Critical Security Vulnerability Spotted, Update To Be Rolled Out Today

The vulnerability, designated as CVE-2024-38200, has been assigned a severity rating of 7.5 on the Common Vulnerability Scoring System (CVSS) scale.

Microsoft has disclosed a critical security vulnerability within their Office software service that could allow cybercriminals to gain access to sensitive information. This flaw is categorised as a spoofing vulnerability, where attackers employ social engineering tactics to deceive users into clicking on links that appear legitimate but are actually maliciously crafted to mimic authentic websites.

The vulnerability, designated as CVE-2024-38200, has been assigned a severity rating of 7.5 on the Common Vulnerability Scoring System (CVSS) scale. It was uncovered by security researchers Jim Rush and Metin Yunus Kandemir, who promptly reported their findings to Microsoft. Beyond malicious links, this flaw can also be exploited through files that are disguised to appear as legitimate documents, further increasing the risk of unauthorised access to sensitive data.

Microsoft's Statement, Action

Microsoft has also stated this issue and added, "In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability.”

The tech giant further said, “However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.”

Therefore, it is crucial for Microsoft Office users to remain vigilant when dealing with Office documents, especially those received from unfamiliar or untrusted sources. Users are encouraged to be cautious and avoid opening suspicious files until the official patch is released. Microsoft plans to roll out this patch on August 13, as part of their regular security update schedule.

The versions of Office currently vulnerable to this vulnerability include Microsoft Office 2016, Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, and Microsoft Office 2019. Until the patch is available, users should be particularly cautious to protect their systems from potential threats.

View More
Advertisement
Advertisement
25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Advertisement

Top Headlines

Delhi Confirms Receiving Diplomatic Note From Dhaka Over Ex-PM Sheikh Hasina's Extradition
Delhi Confirms Receiving Diplomatic Note From Dhaka Over Ex-PM Sheikh Hasina's Extradition
Legendary Filmmaker Shyam Benegal Passes Away At 90
Legendary Filmmaker Shyam Benegal Passes Away At 90
PM Modi On Germany Christmas Market Attack: ‘Pains My Heart When There Are Attempts To Spread Violence’
PM Modi On Germany X-Mas Market Attack: ‘Pains My Heart When There Are Attempts To Spread Violence’
Video: Haryana Minister Anil Vij Suspends Cop After Sobbing Woman Complains: 'Who Are You To Stop FIR?'
Video: Haryana Minister Anil Vij Suspends Cop After Sobbing Woman Complains: 'Who Are You To Stop FIR?'
Advertisement
ABP Premium

Videos

Sambhal News: Two New Corridors Found in Ancient Stepwell Excavation in ChandausiLucknow Police Encounters Robbers, Arrests Trio Involved in Bank Heist, One InjuredSambhal Stepwell Excavation: Truth to be Revealed, Major Discoveries Await - ABP NewsProtests Outside Allu Arjun's House Over 'Pushpa 2' Stampede Incident, Accused Granted Bail

Photo Gallery

Embed widget