Microsoft Office 0-day Vulnerability

On Tuesday, Microsoft revealed an alarming vulnerability in Internet Explorer, a bug that is being used to harm Windows users. The attack is enabled by a weaponized Office file and works like this: A victim receives an email with a link to a Word document inside. It is very important that you do not click on the link; instead, you should open the document directly.

The critical vulnerability has been found in Microsoft’s proprietary web rendering engine. The flaw, tracked as CVE-2021-40444, allows attackers to remotely execute code on a vulnerable system. The engine is used to render web content inside Word, Excel, and PowerPoint documents.

 

 

They have said. “Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,”.

They also added: “An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,”

 

Microsoft has discovered a loophole in Windows that can be exploited by cybercriminals. It’s so serious, Microsoft is giving away the information for free. The flaw has been discovered by Mandiant and Exmon. Details are largely unknown, but it doesn’t look good.

Microsoft, after finishing its investigation, will release either a security patch or an out-of-band patch. The software maker is advising users and organizations to disable all ActiveX controls in Internet Explorer, which will prevent the spread of the attack.
 

I hope this article was helpful, if you have any questions please feel free to contact me. If you would like to be notified of when I create a new post you can subscribe to my blog alert.


Discover more from Patrick Domingues

Subscribe to get the latest posts sent to your email.

author avatar
Patrick Domingues

Leave a Comment

Stay Informed

Receive instant notifications when new content is released.