PT-2024-5503 · Microsoft · Office 2016+4

Jim +1

Published 2024-08-08 · Updated 2026-04-23 · CVE-2024-38200

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Microsoft Office versions prior to the fixed version:
Microsoft Office 2016
Microsoft Office 2019
Microsoft Office LTSC 2021
Microsoft 365 Apps for Enterprise

Description

A spoofing vulnerability in Microsoft Office can be exploited to steal the victim's NTLM hashes. The flaw stems from insufficient protection of service data: an attacker triggers it by luring the victim to a website or by getting them to open a specially crafted file, causing the client to send NTLM authentication data to a remote host. The vulnerability affects various versions of Microsoft Office, including Office 2016, Office 2019, Office LTSC 2021, and Microsoft 365 Apps for Enterprise.

Recommendations

Update Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021 and Microsoft 365 Apps for Enterprise to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider blocking NTLM traffic to minimize the risk of exploitation. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the parameter user id in the affected API endpoint until the issue is resolved. Configure the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting to block outgoing NTLM traffic from a computer running Windows Server 2008, Windows Server 2008 R2, or later to any remote server running the Windows operating system.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-06152
CVE-2024-38200

Affected Products

365 Apps For Enterprise
Office
Office 2016
Office 2019
Office Ltsc 2021