Microsoft warns Windows users of hacking attack through MS Office, shares tips on how to be safe
Those using any version from Windows 7 to Windows 10 are at risk of a cyber-attack that uses malicious Office files. Exploiting a security loophole, attackers are able to download malware onto a victim’s computer through corrupt Office files. Microsoft has now acknowledged the security risk in a recent report and is investigating it.
In its report, Microsoft acknowledged the vulnerability to be a level – 0, meaning that it is being actively exploited by attackers and is considered as a “highest priority” risk for the users. As for what it is, the security risk lies with Microsoft HTML that allows remote code execution by an attacker.
This works because an attacker can share a specially crafted Microsoft Office file with a potential target. These files contain a malicious ActiveX control and automatically open the attacker’s web page on Internet Explorer. Once opened, the website downloads malware onto the victim’s computer.
Therefore, all an attacker has to do is convince the user to open the malicious document. Since these documents are Office files like Word or Excel, users can easily get tricked into opening them, assuming they have something important to share. Microsoft explains that users whose accounts have fewer user rights on the system could be less impacted, but users who operate with administrative user rights can have major implications from an attack.
The vulnerability has been termed CVE-2021-40444. In its report, Microsoft notes that the risk runs on all Windows Servers from 2008 and on all Windows versions from 7 to 10.
Microsoft is currently investigating the reports of the vulnerability and its exploitation and is yet to roll out a security patch. However, it shares some mitigation methods to prevent an attack that exploits the vulnerability.
It mentions that Microsoft Defender Antivirus and Microsoft Defender for Endpoint can both detect and prevent the said attack. It advises users to keep them updated and running. For those users who have automatic updates enabled need not worry.
It also explains that Microsoft Office opens documents from the internet in Protected View or Application Guard for Office by default. Both the applications can prevent the attack.
For others, Microsoft recommends disabling all ActiveX controls in Internet Explorer to make them inactive for all websites. Users can do this by updating Internet Explorer’s registry and rebooting their system. It explains that once it is done, previously installed ActiveX controls will continue to run but would not expose this vulnerability.
News Credit: India Today