Security News > 2021 > September > Microsoft warns of attacks targeting Office documents
Affecting Windows desktops and servers, the attacks exploit an MSHTML vulnerability by using specially crafted Microsoft Office documents.
Microsoft has raised alarm bells over a new cyberattack that's actively targeting Windows users by exploiting a security flaw through malicious Office documents.
In a security update released on Tuesday, the software giant described its investigation into a remote code execution vulnerability in MSHTML that works through specially crafted Microsoft Office documents.
In the meantime, Microsoft Defender Antivirus and Microsoft Defender for Endpoint both detect and protect against this vulnerability.
Further, Microsoft Office by default opens documents from the internet in Protected View or Application Guard for Office, both of which prevent the current attack.
Office users should make sure that Protected View is enabled.
News URL
Related news
- Microsoft discloses Office zero-day, still working on a patch (source)
- Microsoft discloses unpatched Office flaw that exposes NTLM hashes (source)
- Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure (source)
- Microsoft fixes 6 zero-days under active attack (source)
- Microsoft Office 2024 to disable ActiveX controls by default (source)
- Microsoft Is Disabling Default ActiveX Controls in Office 2024 to Improve Security (source)
- Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack (source)
- Microsoft rolls out Office LTSC 2024 for Windows and Mac (source)
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)