[ad_1]
Attackers are actively exploiting a Microsoft remote code execution vulnerability using malicious Office files, the tech giant has warned. The vulnerability known as CVE-2021-40444 affects Windows servers version 2008 and Windows 7-10. Attackers send potential victims an Office file and trick them into opening it. This file automatically opens Internet Explorer to load the malicious actor’s web page, which has an ActiveX control that downloads malware to the victim’s computer.
Several security researchers have reported zero-day attacks to Microsoft. One of them, EXPMON’s Haifei Li, said BipComputer that the method is 100 percent reliable – all it would take to infect a system is for the victim to open the malicious file. In Li’s case, the attack they encountered was using a .DOCX document. Microsoft has not yet deployed a security patch for the vulnerability, but has published mitigation methods to prevent infection.
The tech giant claims that Microsoft Defender Antivirus and Microsoft Defender for Endpoint can both detect vulnerability and prevent infection, so users should keep them up to date and running. Additionally, it advises disabling all ActiveX controls in Internet Explorer to make it inactive for all websites. Microsoft’s security warning contains information on how to do this, which involves updating the IE registry and restarting the computer.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through any of these links, we may earn an affiliate commission.
[ad_2]
Source link