A flaw in Windows exposes users to remote attacks when they open infected Office documents. Taking advantage of a vulnerability in MSHTML, Internet Explorer’s rendering engine, hackers create Office files containing a malicious ActiveX control. When the victim opens the document, malware is installed on the computer. The flaw affects Windows versions 7 to 10, as well as Windows Server – from the 2008 edition to the 2019 edition.
Named CVE-2021-40444, the flaw was disclosed by the Microsoft Security Response Center (MSRC), the company’s cybersecurity team, on Tuesday (7). It is a zero-day (already exploited by attackers, but still unpatched) and is rated 8.8 on the Common Vulnerability Scoring System (CVSS), an index that measures, on a scale of zero to 10, the level of severity of a security vulnerability.
The impact of the attack is severe. Once the computer is infected, the attackers can modify any files and even completely deny access to the PC’s resources, temporarily or permanently. All data becomes available to the hacker, resulting in a complete loss of confidentiality.
The most exposed users are those with administrator rights in Windows. Accounts configured with fewer privileges, such as those of corporate employees or students, are less affected by the flaw in Trident, MSHTML’s official name.
How to protect yourself
Microsoft hasn’t released a security patch yet. A fix can arrive as a one-off release or through the so-called “Patch Tuesday”, a security update package usually released on the second Tuesday of the month. In any case, the developer says that Microsoft Defender Antivirus and Microsoft Defender for Endpoint protect against the CVE-2021-40444 vulnerability, as long as they are up to date.
Another piece of software from the company that helps with the problem is Application Guard for Office. It isolates potentially dangerous files through hardware-based virtualization, allowing the user to open and edit documents without compromising their own machine.
One recommendation that mitigates the risk of attack is to open Office documents in Protected View. If the file is corrupted, Microsoft’s verification system will warn the user of the risk.
Alternatively, the user can disable all ActiveX controls in Internet Explorer. This change is made in the Windows registry, and Microsoft warns that misuse of the Registry Editor can cause serious problems that may require reinstalling the operating system.
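To confirm whether the ActiveX workaround is already in place without editing anything, the following read-only PowerShell audit can be run. It is an added example, not code from Microsoft or from the original article. It assumes the registry path and the value names 1001 and 1004 from Microsoft's published workaround for CVE-2021-40444, which this page does not list.

```powershell
# Added example: read-only check of the ActiveX-installation policy per IE security zone.
# Assumption: key path and value names follow Microsoft's published workaround for
# CVE-2021-40444; they do not appear in the article itself.
$base  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones = [ordered]@{
    '0' = 'Local Machine'
    '1' = 'Local Intranet'
    '2' = 'Trusted Sites'
    '3' = 'Internet'
}
# URL action IDs stored as value names under each zone key
$actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
}
$disabled = 3   # URL policy setting 3 means "Disable"

$report = foreach ($zone in $zones.GetEnumerator()) {
    $key = Join-Path $base $zone.Key
    foreach ($action in $actions.GetEnumerator()) {
        # A missing key or value means no policy is enforced for this zone/action
        $value = $null
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key -Name $action.Key -ErrorAction SilentlyContinue
            if ($null -ne $props) { $value = $props.($action.Key) }
        }
        [pscustomobject]@{
            Zone      = $zone.Value
            Action    = $action.Value
            Value     = if ($null -eq $value) { 'not set' } else { $value }
            Mitigated = ($value -eq $disabled)
        }
    }
}

$report | Format-Table -AutoSize

# Summarise: every zone/action pair must be set to Disable for the workaround to hold
$gaps = @($report | Where-Object { -not $_.Mitigated })
if ($gaps.Count -gt 0) {
    Write-Warning "$($gaps.Count) zone/action pair(s) do not have ActiveX installation disabled."
} else {
    Write-Output 'ActiveX installation is disabled by policy in all four zones.'
}
```

The script only reads the registry, so it can be run from a standard user session and reused after the patch to verify that the workaround was rolled back deliberately rather than left behind.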
Via Techtudo







