Security News > 2021 > September > Microsoft shares temp fix for ongoing Office 365 zero-day attacks
Microsoft today shared mitigation for a remote code execution vulnerability in Windows that is being exploited in targeted attacks against Office 365 and Office 2019 on Windows 10.
Microsoft is aware of targeted attacks that try to exploit the vulnerability by sending specially-crafted Microsoft Office documents to potential victims, the company says in an advisory today.
"An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document" - Microsoft.
The attack is thwarted if Microsoft Office runs with the default configuration, where documents from the web are opened in Protected View mode or Application Guard for Office 365.
In a tweet today, EXPMON, who reported the security issue to Microsoft on Sunday, says that they found the vulnerability after detecting a "Highly sophisticated zero-day attack" aimed at Microsoft Office users.
EXPMON researchers reproduced the attack on the latest Office 2019 / Office 365 on Windows 10.
News URL
Related news
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- CISA warns of Microsoft Streaming bug exploited in malware attacks (source)
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- Microsoft announces Office LTSC 2024 preview starting next month (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234) (source)