Microsoft alerts users of vulnerability that impacts Windows through MS Office docs

Microsoft has alerted its users of a vulnerability that could impact Microsoft Windows 7 to 10. The tech giant said that it is also investigating reports of a remote code execution vulnerability in Microsoft HTML. It said that hackers could exploit this vulnerability through “specially-crafted” Microsoft Office documents.

The company acknowledged the vulnerability to be level 0, which means that it is being actively exploited and is a ‘high priority’ risk for users. The vulnerability has been named CVE-2021-40444.

Users whose accounts are configured to have fewer user rights could be less impacted as against users who opt for administrative user rights. Microsoft said that this is because an attacker could create a malicious ActiveX control to be used by a Microsoft Office document. The next step for the attacker would be to convince the user to open the document, which is where the user rights come into play. The document, once opened, could open the attacker’s web page on Internet Explorer and then download malware into the system.

The tech giant said that by default Microsoft Office opens documents from the internet in Protected View or Application Guard for Office, both of which prevent the current attack.

Once the investigation is complete, Microsoft said that it will take appropriate action to help customers. It could also include a security update through their monthly release process or even an out-of-cycle security update.

WHAT CAN USERS DO

Microsoft advised users to update their anti-malware products. Microsoft Defender Antivirus and Microsoft Defender for Endpoint also detect and protect against the vulnerability. Microsoft Defender for Endpoint alerts upon detection will be displayed as “Suspicious Cpl File Execution”.

Enterprise customers who manage their updates should select detection build 1.349.22.0 or newer.

One could also disable the installation of all ActiveX controls in Internet Explorer, which will mitigate the attack. The registry could be updated to ensure this. Previously-installed ActiveX controls will continue to run but won’t expose this vulnerability.

It must also be kept in mind that incorrectly using the Registry Editor could cause grave problems to the operating system that would then require reinstalling.

Also read: Microsoft warns thousands of cloud computing users of exposed databases
Also read: Avianca partners with TCS to build new cloud-based digital core on Microsoft Azure