Microsoft has released a new security patch for the critical security zero-day vulnerability. Thus, the danger on Office applications was eliminated.
Microsoft has released an important update for the zero-day vulnerability that uses malicious Office files. The update released Tuesday covers Office files containing ActiveX controls. Microsoft, which has warned its users against malicious people who have been phishing attacks to open malicious Office files in the past days, took precautions in no time.
Microsoft has completely eliminated the danger
Exploited by hackers using Office files that contain ActiveX controls, the zero-day vulnerability automatically opens a page in Internet Explorer containing an ActiveX control that downloads malware onto the victim’s computer, after the victim clicks the file.
In its warning for the zero-day vulnerability, Microsoft asked its users to make sure that Microsoft Defender Antivirus or Microsoft Defender for Endpoint is turned on. The software giant stated that it was able to detect attempts to exploit the vulnerability in both of its programs.
The company also advised users to disable all activex controls in Internet Explorer. The vulnerability, known as CVE-2021-40444, is stated to affect all servers from version 2008 to Windows 10.
In addition, it is stated that with the update, besides the CVE-2021-40444 vulnerability, two other critical flaws were also fixed.