FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-38084

Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Published: Aug 13, 2024

010
CVSS 7.8EPSS 0.04%High
CVE info copied to clipboard

Summary

Microsoft OfficePlus contains an Elevation of Privilege vulnerability. This vulnerability is associated with improper link resolution before file access, also known as 'link following'. The vulnerability affects Microsoft OfficePlus versions prior to 3.2.0.27546.

Impact

If exploited, this vulnerability could allow an attacker with low privileges to elevate their privileges on the system. The impact is severe, with potential for high confidentiality, integrity, and availability breaches. An attacker could potentially gain unauthorized access to sensitive information, modify system files, or disrupt system operations. The attack vector is local, meaning the attacker would need prior access to the system, but no user interaction is required for the exploit to succeed.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available for this vulnerability. Microsoft released updates to address this issue on August 13, 2024. Users should update to Microsoft OfficePlus version 3.2.0.27546 or later to mitigate this vulnerability.

Mitigation

1. Apply the security update provided by Microsoft as soon as possible. 2. Update Microsoft OfficePlus to version 3.2.0.27546 or later. 3. Implement the principle of least privilege, ensuring users and applications operate with minimal necessary permissions. 4. Monitor for suspicious activities related to privilege escalation attempts. 5. Consider using application whitelisting to prevent unauthorized executables from running. 6. Regularly audit and review file system permissions, especially for sensitive system files and directories. 7. Implement and maintain robust access controls across the network.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Timeline

CVSS

A CVSS base score of 7.8 has been assigned.

Aug 13, 2024 at 5:35 PM / microsoft
First Article

Feedly found the first article mentioning CVE-2024-38084. See article

Aug 13, 2024 at 5:37 PM / Microsoft Security Advisories - MSRC
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Aug 13, 2024 at 5:47 PM
CVE Assignment

NVD published the first details for CVE-2024-38084

Aug 13, 2024 at 6:15 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 19%)

Nov 19, 2024 at 3:54 PM
Static CVE Timeline Graph

Affected Systems

Microsoft/officeplus
+null more

Patches

Microsoft
+null more

Links to Mitre Att&cks

T1547.009: Shortcut Modification
+null more

Attack Patterns

CAPEC-132: Symlink Attack
+null more

References

Microsoft August 2024 Security Updates
NCSC-FI vulnerabilities summary 2024-08-13 / 3mo
Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 9.8, CVEs: CVE-2024-21302, CVE-2024-29995, CVE-2024-37968, CVE-2024-38063, CVE-2024-38084, CVE-2024-38098, CVE-2024-38106, CVE-2024-38107, CVE-2024-38108, CVE-2024-38109, CVE-2024-38114, CVE-2024-38115, CVE-2024-38116, CVE-2024-38117, CVE-2024-38118, CVE-2024-38120, CVE-2024-38121, CVE-2024-38122, CVE-2024-38123, CVE-2024-38125 (+82 other associated CVEs), Summary: https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/ Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and information disclosure. The number of bugs in each vulnerability category is listed below:
Microsoft OfficePlus Elevation of Privilege Vulnerability
Microsoft Security Advisories - MSRC / 3mo
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
VERT Threat Alert: August 2024 Patch Tuesday Analysis
Blog RSS Feed / 3mo
While updates for CVE-2024-38200 were released as part of the August Patch Tuesday drop, Microsoft had already enabled a fix for this issue on July 30, meaning that all users of supported versions of Office were protected. This vulnerability, a privilege escalation in the Windows Kernel, requires that the attacker win a race condition to successfully exploit it.

News

Microsoft’s September 2024 Patch Tuesday Update Fixes 79 Vulnerabilities
News – Petri IT Knowledgebase / 2mo
Microsoft addressed 79 vulnerabilities in September 2024 Patch Tuesday, with 7 critical flaws in components like Windows, Office, and SharePoint. Microsoft released yesterday the September 2024 Patch Tuesday updates for all supported versions of Windows 10 and Windows 11.
Update Sun Sep 1 22:32:38 UTC 2024
Recent Commits to cve:main / 2mo
Update Sun Sep 1 22:32:38 UTC 2024
CNNVD | 关于微软多个安全漏洞的通报
Doonsec's feed / 3mo
近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞84个,影响到微软产品的其他厂商漏洞5个。
Microsoft’s August Security Update on High-Risk Vulnerabilities in Multiple Products - Security Boulevard
"vulnerabilities" - Google News / 3mo
On August 14, NSFOCUS CERT detected that Microsoft released a security update patch for August, which fixed 90 security issues involving widely used products such as Windows, Microsoft Office, Visual Studio and Azure, including high-risk vulnerabilities such as privilege escalation and remote code execution. Due to an error in the Windows Power Dependency Coordinator after release, local attackers authenticated by ordinary users can exploit this vulnerability by running special programs to obtain SYSTEM permissions of the target system.
CNNVD关于微软多个安全漏洞的通报
Doonsec's feed / 3mo
近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞84个,影响到微软产品的其他厂商漏洞5个。
See 25 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

CVSS 7.8(51562)CWE-59(1181)Microsoft(12100)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial