Microsoft just rolled out an update that fixes 66 security vulnerabilities as part of this month’s Patch Tuesday. One of them deals with a critical zero-day vulnerability that is actively exploited by hackers using Office files that contain malicious ActiveX controls. A few days ago, Microsoft issued a warning regarding the vulnerability after being informed by security researchers who discovered that bad actors were exploiting it by tricking potential victims into opening malicious Office files. Once opened, the file automatically launches a page on Internet Explorer, which contains an ActiveX control that downloads malware to the victim’s computer.
When Microsoft issued the warning, it didn’t have a fix yet and only asked users to make sure Microsoft Defender Antivirus or Microsoft Defender for Endpoint is turned on. Both programs can detect attempts to exploit the vulnerability. It also advised users to disable all ActiveX controls in Internet Explorer. The vulnerability, known as CVE-2021-40444, affects Windows Server version 2008 and Windows 7-10. Security researchers have proven the exploit to be 100% reliable, and all it takes to infect a computer is to open the file sent by a hacker. Now, the new update will ensure that the flaw can no longer be exploited.
In addition to fixing CVE-2021-40444, the update also fixes two other critical flaws. As The Register notes, it fixes two remote code execution vulnerabilities, in the Windows WLAN AutoConfig service and in Open Management Infrastructure.