Posted in Privacy and Security on September 10, 2021

Microsoft Office zero-day vulnerability that allows remote code execution is being actively exploited

Posted By Shannon.Smith

Attackers leverage ActiveX to infect systems with malware

Why it matters: Microsoft has received reports of a remote code execution (RCE) vulnerability (CVE-2021-40444) that hackers are actively exploiting. The attack uses maliciously crafted Microsoft Office files that open an ActiveX control using the MSHTML browser rendering engine. Vulnerable systems include Windows Server 2008 through 2019 and Windows 7 through 10.

Expmon, one of several security firms that reported the zero-day exploit, told BleepingComputer the attack method is 100 percent reliable, which makes it very dangerous. Once a user opens the document, it loads malware from a remote source. Expmon tweeted that users should not open any Office documents unless they are from an entirely trusted source.

The file that Expmon discovered was a Word document (.docx), but Microsoft did not indicate that the exploit was limited to Word files. Any document that can call on MSHTML is a potential vector. Microsoft does not have a fix for the security hole yet, but it does list some mitigation methods in the bug report.

Aside from exercising caution when opening Office documents, users are protected by Microsoft Office's default configuration, which opens files in Protected View mode (Application Guard in Office 365) and mitigates the attack. Additionally, Microsoft Defender Antivirus and Defender for Endpoint prevent the exploit from executing.

Microsoft also says that users can disable the installation of all ActiveX controls in Internet Explorer. This workaround requires a registry file (.reg), which users can find in the bug report. Executing the REG file transfers the new entries to the Windows registry. A reboot is required for the settings to take effect.
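
For administrators who want to confirm the workaround landed on a machine, the following PowerShell check is an added example, not part of the original article or Microsoft's advisory. It assumes the workaround sets URL actions 1001 and 1004 (download of signed and unsigned ActiveX controls) to 3 (disallow) under the Internet Settings policy key for zones 0 through 3; the article does not reproduce these values, so confirm them against the REG file in the bug report.

```powershell
# Added example: audit whether the ActiveX-install workaround is present.
# Assumption (not stated in the article): the REG file sets URL actions
# 1001 (download signed ActiveX) and 1004 (download unsigned ActiveX)
# to 3 (disallow) in the machine-wide policy key for zones 0-3.
$base     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones    = 0..3            # 0 = Local Machine, 1 = Intranet, 2 = Trusted, 3 = Internet
$actions  = '1001', '1004'
$disallow = 3

$results = foreach ($zone in $zones) {
    $key   = Join-Path $base $zone
    # A missing key means the policy was never written for this zone.
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    foreach ($action in $actions) {
        $value = if ($props) { $props.$action } else { $null }
        [pscustomobject]@{
            Zone    = $zone
            Action  = $action
            Value   = if ($null -eq $value) { '(not set)' } else { $value }
            Blocked = ($value -eq $disallow)
        }
    }
}

$results | Format-Table -AutoSize

# Fail closed: every zone/action pair must be set to "disallow".
if ($results.Blocked -contains $false) {
    Write-Warning 'Workaround incomplete: at least one zone still allows ActiveX installation.'
    exit 1
}
Write-Output 'All four zones disallow installation of ActiveX controls.'
```

A passing result only shows the values are written to the registry; as noted above, they take effect after a reboot.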
