    New 0-Day Attack Targeting Windows Users With Microsoft Office Documents


    Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that is being used to hijack vulnerable Windows systems by leveraging weaponized Office documents.

    Tracked as CVE-2021-40444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer, which is also used in Office to render web content inside Word, Excel, and PowerPoint documents.

    “Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,” the company said.

    “An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” it added.

    The Windows maker credited researchers from EXPMON and Mandiant for reporting the flaw, although the company did not disclose additional specifics about the nature of the attacks, the identity of the adversaries exploiting this zero-day, or their targets in light of real-world attacks.

    EXPMON, in a tweet, noted that it found the vulnerability after detecting a “highly sophisticated zero-day attack” aimed at Microsoft Office users, adding that it passed on its findings to Microsoft on Sunday.

    “The exploit uses logical flaws so the exploitation is perfectly reliable (& dangerous),” EXPMON researchers said.

    It is, however, worth noting that the current attack can be suppressed if Microsoft Office is run with default configurations, wherein documents downloaded from the web are opened in Protected View or Application Guard for Office, which is designed to prevent untrusted files from accessing trusted resources in the compromised system.

    Microsoft, upon completion of the investigation, is expected to either release a security update as part of its Patch Tuesday monthly release cycle or issue an out-of-band patch “depending on customer needs.” In the interim, the Windows maker is urging users and organizations to disable all ActiveX controls in Internet Explorer to mitigate any potential attack.
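
For administrators who want to confirm that the interim ActiveX mitigation is actually in force on a host, the following PowerShell audit is an added example, not code from the article or from Microsoft. It assumes the mitigation is enforced through machine policy by setting the Internet Explorer URL actions 1001 (download signed ActiveX controls) and 1004 (download unsigned ActiveX controls) to 3 (disable) in security zones 0 through 3; per-user settings are not inspected.

```powershell
# Added example: audit whether ActiveX control installation is blocked by
# machine policy in each Internet Explorer security zone (read-only).
# Assumption: URL actions 1001/1004 set to 3 (disable) are the enforced settings.
$base     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones    = [ordered]@{ '0' = 'Local Machine'; '1' = 'Intranet'; '2' = 'Trusted Sites'; '3' = 'Internet' }
$actions  = [ordered]@{ '1001' = 'Download signed ActiveX'; '1004' = 'Download unsigned ActiveX' }
$disabled = 3

$report = foreach ($zone in $zones.GetEnumerator()) {
    $key = Join-Path -Path $base -ChildPath $zone.Key
    foreach ($action in $actions.GetEnumerator()) {
        # A missing key or value means no policy is set, so IE falls back to
        # its zone defaults; treat that as non-compliant rather than unknown.
        $value = $null
        if (Test-Path -Path $key) {
            $props = Get-ItemProperty -Path $key -Name $action.Key -ErrorAction SilentlyContinue
            if ($null -ne $props) { $value = $props.($action.Key) }
        }
        [pscustomobject]@{
            Zone      = '{0} ({1})' -f $zone.Key, $zone.Value
            Action    = '{0} ({1})' -f $action.Key, $action.Value
            Value     = if ($null -eq $value) { 'not set' } else { $value }
            Compliant = ($value -eq $disabled)
        }
    }
}

$report | Format-Table -AutoSize

$gaps = @($report | Where-Object { -not $_.Compliant })
if ($gaps.Count -gt 0) {
    Write-Warning ("{0} of {1} zone/action pairs do not block ActiveX installation." -f $gaps.Count, @($report).Count)
} else {
    Write-Output 'ActiveX installation is disabled by machine policy in all four zones.'
}
```

Run it from an elevated or standard PowerShell session on the Windows host being checked; it only reads the registry and changes nothing.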