Security News > 2021 > September > Recently reported Microsoft zero-day gaining popularity with attackers, Kaspersky says
A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech, and other sectors.
A recently reported security vulnerability in Microsoft's MSHTML browser engine is being found all over the world, and Kaspersky said it "Expects to see an increase in attacks using this vulnerability."
To make matters worse, the vulnerability is easy to exploit: All an attacker has to do is send a Microsoft Office document to the intended victim that contains a malicious script.
Like plenty of other attacks using malicious documents, the victim has to open the document in order to infect their machine with the attacker's actual payload, which is retrieved by the script in the document.
In the wild, Kaspersky said, most of the detected attacks install backdoors that give attackers additional access to the infected machine.
In situations where updating a Windows system may be difficult, Microsoft has published workarounds that disable ActiveX via group policy, disabled ActiveX with a custom registry key and a Windows Explorer preview disable registry edit that will prevent scripts from being run in without fully opening a document.
News URL
Related news
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- Microsoft fixes 6 zero-days under active attack (source)
- Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days (source)
- Microsoft Patched 6 Actively Exploited Zero-Day Flaws (source)
- Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group (source)
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (source)
- Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)