Security News > 2021 > September > New 0-Day Attack Targeting Windows Users With Microsoft Office Documents
Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that's being used to hijack vulnerable Windows systems by leveraging weaponized Office documents.
"Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents," the company said.
"An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights," it added.
EXPMON, in a tweet, noted it they found the vulnerability after detecting a "Highly sophisticated zero-day attack" aimed at Microsoft Office users, adding it passed on its findings to Microsoft on Sunday.
It's worth noting that the current attack can be suppressed if Microsoft Office is run with default configurations, wherein documents downloaded from the web are opened in Protected View or Application Guard for Office, which is designed to prevent untrusted files from accessing trusted resources in the compromised system.
Microsoft, upon completion of the investigation, is expected to either release a security update as part of its Patch Tuesday monthly release cycle or issue an out-of-band patch "Depending on customer needs." In the interim, the Windows maker is urging users and organizations to disable all ActiveX controls in Internet Explorer to mitigate any potential attack.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/8XfTlHB1Kh8/new-0-day-attack-targeting-windows.html
Related news
- Microsoft Office 2024 now available for Windows and macOS users (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Microsoft: Windows Recall now can be removed, is more secure (source)
- Recall the Recall recall? Microsoft thinks it can make that Windows feature palatable (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Microsoft fixes Windows KB5043145 reboot loops, USB and Bluetooth issues (source)
- What Is Inside Microsoft’s Major Windows 11 Update? (source)
- Microsoft warns of Windows 11 24H2 gaming performance issues (source)
- Microsoft blocks Windows 11 24H2 on some Intel PCs over BSOD issues (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)