Security News > 2021 > September > Microsoft warns of attacks targeting Office documents
Affecting Windows desktops and servers, the attacks exploit an MSHTML vulnerability by using specially crafted Microsoft Office documents.
Microsoft has raised alarm bells over a new cyberattack that's actively targeting Windows users by exploiting a security flaw through malicious Office documents.
In a security update released on Tuesday, the software giant described its investigation into a remote code execution vulnerability in MSHTML that works through specially crafted Microsoft Office documents.
In the meantime, Microsoft Defender Antivirus and Microsoft Defender for Endpoint both detect and protect against this vulnerability.
Further, Microsoft Office by default opens documents from the internet in Protected View or Application Guard for Office, both of which prevent the current attack.
Office users should make sure that Protected View is enabled.
News URL
Related news
- Microsoft Office 2024 now available for Windows and macOS users (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)