A Windows flaw exposes users to remote attacks by opening infected Office documents. Taking advantage of a vulnerability in MSHTML, Internet Explorer’s rendering engine, hackers create Office files containing a malicious ActiveX control. When the victim opens the document, malware is installed on the computer. The breach affects Windows versions 7 to 10, as well as Windows Server – from the 2008 edition to the 2019 edition.
- Seven Security Tweaks Every User Should Make in Windows 10
Named CVE-2021-40444, the flaw was disclosed by the Microsoft Security Response Center (MSRC), the company’s cybersecurity team, on Tuesday (7). The breach is of a zero-day type (already exploited by attackers, but not yet fixed) and rated 8.8 on the Common Vulnerability Scoring System (CVSC), an index that measures, on a scale of zero to 10, the level of severity of a security vulnerability.
Internet Explorer Crash Exposes Windows Users When Opening Microsoft Office Documents — Photo: Disclosure/Microsoft
What is the best Windows? Opinion on the TechTudo Forum
The impacts of the attack are severe. Once a computer is infected, intruders can modify any files and even deny access to PC resources completely, temporarily or permanently. All data is available to the hacker, which results in a loss of complete confidentiality.
The most exposed users are those with administrator rights on Windows. Accounts set up with less power, as is often the case with corporate employees or students, are less affected by the flaw in Trident, the official name of MSHTML.
Microsoft has not yet released any security patches, which can be either on a one-off basis or through so-called “Patch Tuesday”, a security update package usually released on the second Tuesday of the month. In any case, the developer says that Microsoft Defender Antivirus and Microsoft Defender for Endpoint protect against the CVE-2021-40444 vulnerability, as long as they are up to date.
Image shows computer screen with updated Windows Defender; software helps protect your PC against attacks — Photo: Filipe Garrett/TechTudo
Another software from the company that helps with the problem is Application Guard for Office. It isolates potentially dangerous files through hardware-based virtualization, allowing the user to open and edit documents without compromising their own machine.
One recommendation that mitigates the risk of attack is to open Office documents in Protected View. If the file is corrupted, Microsoft’s verification system will warn the user of the risk.
Alternatively, the user can still disable all Internet Explorer ActiveX controls. However, Microsoft warns that using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system.
With information from Microsoft and redmond
See too: How to record a Windows notebook screen
How to record a Windows notebook screen