Security News > 2021 > September > Microsoft warns of attacks targeting Office documents
Affecting Windows desktops and servers, the attacks exploit an MSHTML vulnerability by using specially crafted Microsoft Office documents.
Microsoft has raised alarm bells over a new cyberattack that's actively targeting Windows users by exploiting a security flaw through malicious Office documents.
In a security update released on Tuesday, the software giant described its investigation into a remote code execution vulnerability in MSHTML that works through specially crafted Microsoft Office documents.
In the meantime, Microsoft Defender Antivirus and Microsoft Defender for Endpoint both detect and protect against this vulnerability.
Further, Microsoft Office by default opens documents from the internet in Protected View or Application Guard for Office, both of which prevent the current attack.
Office users should make sure that Protected View is enabled.
News URL
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- Microsoft enforces defenses preventing NTLM relay attacks (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Microsoft fixes bug behind random Office 365 deactivation errors (source)