Microsoft Office zero-day vulnerability actively exploited
Microsoft has received reports of a remote code execution (RCE) vulnerability (CVE-2021-40444) hackers are actively exploiting. The attack uses maliciously crafted Microsoft Office files that open an ActiveX control using the MSHTML browser rendering engine. Vulnerable systems include Windows Server 2008 through 2019 and Windows 7 through 10.

Expmon, one of several security firms that reported the zero-day exploit, told BleepingComputer the attack method is 100-percent reliable, making it very dangerous. Once a user opens the document, it loads malware from a remote source. Expmon tweeted that users should not open any Office documents unless they are from an entirely trusted source.

The file that Expmon discovered was a Word document (.docx), but Microsoft did not indicate that the exploit was limited to Word files. Any document that can call on MSHTML is a potential vector. Microsoft does not have a fix for the security hole yet, but it does list some mitigation methods in the bug report.

Aside from being cautious when opening Office documents, running Microsoft Office in its default configuration opens files in Protected View mode, which mitigates the attack (Application Guard in Office 365). Additionally, Microsoft Defender Antivirus and Defender for Endpoint prevent the exploit from executing.

Microsoft also says that users can disable the installation of all ActiveX controls in Internet Explorer. This workaround requires a registry file (.reg), which users can find in the bug report. Executing the REG file transfers the new entries to the Windows registry. A reboot is required for the settings to take effect.



https://www.techspot.com/news/91154-micr...-code.html