Hackers attack Windows through Office documents

Hackers attack Windows through Office documents

This Tuesday, Microsoft is alerted to new zero-day attack which affects Internet Explorer by taking advantage of of Microsoft Office Documentation … For now, the company has shared workarounds to address a vulnerability cataloged as CVE-2021-40444 for Remote Code Execution (RCE) in MSHTL.

What is a zero-day attack?

Zero-day attacks are known as security holes and are detected by cybercriminals and not by the manufacturer or developer. The main threat is that until a company or developer releases a patching patch, attackers will have complete leeway to take advantage of security flaw

Safety Windows

On this occasion vulnerability CVE-2021-40444 was classified as important with a severity of 8.8 out of 10 affecting Windows Server from 2008 to 2019 and operating systems Windows from version 8 to 10. The most vulnerable to these types of attacks are users who work with accounts with administrator rights.

According to the company itself, “Microsoft is aware of the existence of targeted attacks that attempt to exploit this vulnerability using specially crafted Microsoft Office documents.”

On the other hand, the United States Security and Infrastructure Agency (CISA) also warned of this new attack and encouraged users to familiarize themselves with Microsoft’s prevention methods.

How can we protect ourselves?

Microsoft claims the attack could create malicious ActiveX control for using Microsoft Office. For the attack to take effect, the user needs to open the malicious document.

From EXPMON, a service designed to monitor exploits, they claim to have been able to reproduce the CVE-2021-40444 attack in the latest Office 2019 / Office 365 on computers with Windows 10, which is a logical and really dangerous failure.

Recommended
How to Turn Off Face ID on iPhone Easily

Until the patch comes out, Microsoft’s primary recommendation is to disable the installation of all ActiveX controls in Internet Explorer. … The company itself indicates how to do this through its statements.

When it comes to vulnerabilities, one of the most important aspects is keeping all the defenses available to us active. Having installed and updated antivirus on our computer it can make a difference whether our device is infected or not.

Another fundamental measure is to keep the software always up to date. It seems obvious, but there are many users who, due to neglect or neglect, do not take this aspect into account. Developer updates are not quirks, but security improvements and fixes that fix bugs and vulnerabilities like those caused by Zero Day attacks.

Related Articles

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker. Thanks.