Microsoft Office zero-day vulnerability that allows remote code execution is being actively...

Cal Jeffrey

Posts: 3,210   +882
Staff member
Why it matters: Microsoft has received reports of a remote code execution (RCE) vulnerability (CVE-2021-40444) hackers are actively exploiting. The attack uses maliciously crafted Microsoft Office files that open an ActiveX control using the MSHTML browser rendering engine. Vulnerable systems include Windows Server 2008 through 2019 and Windows 7 through 10.

Expmon, one of several security firms that reported the zero-day exploit, told BleepingComputer the attack method is 100-percent reliable making it very dangerous. Once a user opens the document, it loads malware from a remote source. Expmon tweeted that users should not open any Office documents unless they are from an entirely trusted source.

The file that Expmon discovered was a Word document (.docx), but Microsoft did not indicate that the exploit was limited to Word files. Any document that can call on MSHTML is a potential vector. Microsoft does not have a fix for the security hole yet, but it does list some mitigation methods in the bug report.

Aside from being cautious when opening Office documents, running Microsoft Office in its default configuration opens files in Protected View mode, which mitigates the attack (Application Guard in Office 360). Additionally, Microsoft Defender Antivirus and Defender for Endpoint prevent the exploit from executing.

Microsoft also says that users can disable the installation of all ActiveX controls in Internet Explorer. This workaround requires a registry file (.reg), which users can find in the bug report. Executing the REG file transfers the new entries to the Windows registry. A reboot is required for the settings to take effect.

Permalink to story.

 

Uncle Al

Posts: 8,351   +7,163
Seriously speaking .... wouldn´t you think that after all these years and all these hacks, Microsoft would have found and implemented a new and more secure base code for itś software? Is it just me or don´t they have any upper management with any real vision?????
 

Cal Jeffrey

Posts: 3,210   +882
Staff member
Sorry Internet Explorer? What morons are still using that steaming pile of garbage!
Microsoft apparently. From an end-user standpoint, it's not even an IE problem. It's a Microsoft Office/Office 360 issue. Yet, to work around it, you have to disable Active X in IE, which means M$ Office products are still coded to use a browser it plans to retire in less than a year. Pretty clear to me who the morons are.
 

wiyosaya

Posts: 6,727   +5,169
Microsoft apparently. From an end-user standpoint, it's not even an IE problem. It's a Microsoft Office/Office 360 issue. Yet, to work around it, you have to disable Active X in IE, which means M$ Office products are still coded to use a browser it plans to retire in less than a year. Pretty clear to me who the morons are.
Do we really expect anything better from Microsoft? For me, this is a WTF moment. ActiveX has been a known security hole for years and years, and Microsoft has still, apparently, not done anything about it? Definitely a WTF moment in my book.
 

BobHome

Posts: 118   +51
Seriously speaking .... wouldn´t you think that after all these years and all these hacks, Microsoft would have found and implemented a new and more secure base code for itś software? Is it just me or don´t they have any upper management with any real vision?????
Maybe that was what Windows 10X was supposed to be?
But first, they have to root out all the old hardware being used, like requiring TPM?