Security News > 2021 > September > Microsoft warns of attacks targeting Office documents
Affecting Windows desktops and servers, the attacks exploit an MSHTML vulnerability by using specially crafted Microsoft Office documents.
Microsoft has raised alarm bells over a new cyberattack that's actively targeting Windows users by exploiting a security flaw through malicious Office documents.
In a security update released on Tuesday, the software giant described its investigation into a remote code execution vulnerability in MSHTML that works through specially crafted Microsoft Office documents.
In the meantime, Microsoft Defender Antivirus and Microsoft Defender for Endpoint both detect and protect against this vulnerability.
Further, Microsoft Office by default opens documents from the internet in Protected View or Application Guard for Office, both of which prevent the current attack.
Office users should make sure that Protected View is enabled.
News URL
Related news
- Chinese hackers targeted sanctions office in Treasury attack (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft fixes under-attack privilege-escalation holes in Hyper-V (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)