Microsoft Warns of Certain Attacks Through Office Files and How We Can Avoid Them


Because Microsoft's operating system and its office suite are used every day on millions of computers around the world, they are prime targets for cybercriminals: threats aimed at them reach many more people and can claim a greater number of victims. On this occasion, Microsoft is warning of certain malicious files that try to install malware on our computers.

Opening a document installs malware on the computer

To do this, attackers usually use a .DOCX document that automatically opens the Internet Explorer browser to load the malicious website and that contains an ActiveX control responsible for automatically downloading the malware onto the victim's computer. Several security researchers have informed Microsoft of these attacks, which exploit the CVE-2021-40444 vulnerability.

The researchers themselves have managed to reproduce the attack on computers running the latest version of Office 2019 and Office 365 on Windows 10. The attack works through a Word document carrying an ActiveX control that downloads the malware onto the computer as soon as the document is opened.

Microsoft has confirmed that it is already working to solve the security problem, but in the meantime many users could fall victim to this type of attack. It has therefore given some guidelines for avoiding these attacks.

How to avoid it until Microsoft fixes it

The technology giant indicates that the Microsoft Defender antivirus and Microsoft Defender for Endpoint are capable of detecting exploitation of this vulnerability and preventing us from being infected. It is therefore recommended to review your settings and make sure they are activated on your computer. In the same way, Microsoft Office includes Application Guard, which allows us to detect untrusted files and avoid this type of infection.

In addition, users who make use of an account that does not have administrator permissions will be less exposed to attacks.

On the other hand, Microsoft indicates that another workaround for Office 365 users is to disable ActiveX controls completely. In this way, we prevent the malware hidden in the document from being downloaded. However, this requires changing some entries in the Windows registry. To do this, we just have to open Notepad and copy the code shown below:

Windows Registry Editor Version 5.00

; 1001 = download signed ActiveX controls, 1004 = download unsigned ActiveX controls
; dword 3 = Disable. The four keys cover Internet Explorer security zones 0 to 3.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000003
"1004"=dword:00000003

Next, we save it as a .reg file, go to the folder where we saved it and double-click it to run it. This makes the appropriate changes to the system registry to completely disable ActiveX.
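To confirm that the import actually took effect, the following PowerShell check reads the same eight registry values back and reports any that are missing or not set to 3. It is an added example, not part of Microsoft's guidance or of the original article; the function name Test-ActiveXWorkaround is made up for illustration, and the script only reads the registry.

```powershell
# Added example: read-only audit of the ActiveX workaround described above.
# Verifies that values 1001 and 1004 are 3 (Disable) for zones 0-3 under
# the HKLM policy hive used by the .reg file. It changes nothing.

$base  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$names = '1001', '1004'   # download signed / unsigned ActiveX controls
$want  = 3                # 3 = Disable

# Hypothetical helper name, chosen for this example.
function Test-ActiveXWorkaround {
    param([string]$BasePath = $base)

    foreach ($zone in 0..3) {
        $key = Join-Path $BasePath "$zone"
        foreach ($name in $names) {
            $actual = $null
            # The key or the value may be absent if the import failed.
            if (Test-Path -LiteralPath $key) {
                $item = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
                if ($item) { $actual = $item.$name }
            }
            [pscustomobject]@{
                Zone      = $zone
                Value     = $name
                Actual    = $(if ($null -eq $actual) { '<not set>' } else { $actual })
                Compliant = ($actual -eq $want)
            }
        }
    }
}

$results = @(Test-ActiveXWorkaround)
$results | Format-Table -AutoSize

$failed = @($results | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) of $($results.Count) values are not set to $want; re-import the .reg file as administrator."
} else {
    Write-Output 'All eight values are set to 3 (Disable) in zones 0-3.'
}
```

A "<not set>" row usually means the .reg file was saved with typographic quotes or stray spaces in the key path, or was imported without administrator rights.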
