Recently reported Microsoft zero-day gaining popularity with attackers, Kaspersky says
A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech, and other sectors.
Exploitation of a recently reported security vulnerability in Microsoft's MSHTML browser engine is being detected all over the world, and Kaspersky said it "expects to see an increase in attacks using this vulnerability."
To make matters worse, the vulnerability is easy to exploit: all an attacker has to do is send the intended victim a Microsoft Office document that contains a malicious script.
Like plenty of other attacks using malicious documents, the victim has to open the document in order to infect their machine with the attacker's actual payload, which is retrieved by the script in the document.
In the wild, Kaspersky said, most of the detected attacks install backdoors that give attackers additional access to the infected machine.
In situations where updating a Windows system may be difficult, Microsoft has published workarounds: disabling ActiveX via Group Policy, disabling ActiveX with a custom registry key, and a registry edit that disables preview in Windows Explorer, which prevents scripts from being run without fully opening a document.