Microsoft has released a vulnerability report highlighting a security flaw in MSHTML that allows attackers to download malware onto a victim’s machine via corrupted Office files. According to Microsoft’s report, the vulnerability is rated as a level – 0. This indicates that it is being actively exploited by attackers. The risk posed by the same has been termed as a “high priority” risk in the current scenario.
The vulnerability has been termed CVE-2021-40444. In its report, Microsoft notes that the risk runs on all Windows Servers from 2008 and on all Windows versions from 7 to 10. Attackers can download malware onto a victim’s PC by using tainted Office files to exploit a security flaw. In a recent study, Microsoft acknowledged the security issue and stated that it is looking into it.
The security risk is caused by Microsoft HTML, which allows an attacker to execute code remotely.
The attacker shares a specially constructed Microsoft Office file which includes a malicious ActiveX control that causes Internet Explorer to open the attacker’s web page in the target’s device. Once the victim opens the file in their device, the device gets infected.
According to Microsoft, individuals with fewer user rights on the system may be less affected, but those with administrative user rights may face serious consequences as a result of an assault.
Microsoft is currently investigating the reports of the vulnerability is yet to identify any security patch.
So far, Microsoft Defender Antivirus and Microsoft Defender for Endpoint are proven to be effective in mitigating the attack. It recommends that consumers keep their computers up to date and operating. Users who have automatic updates enabled do not need to be concerned.
Microsoft Office thereon would open online documents in Protected View or Application Guard for Office. So both the programmes are capable of thwarting the attack.
Others should disable all ActiveX controls in Internet Explorer to make them inactive for all websites. Users can do this by changing the registry in Internet Explorer and rebooting their computer. It goes on to say that once it’s done, previously installed ActiveX controls will continue to run, but they won’t be vulnerable.