As we all know, Windows is always showing security holes, which are constantly fixed through new updates.
This week, Microsoft confirmed a new system flaw related to remote execution, which causes Office files to be used to attack computers running Windows 10, Windows Server and earlier versions of these operating systems.
Baptized as CVE-2021-40444, the flaw involves MSHTML, a rendering engine developed for Internet Explorer, but which can also be used by Office tools. This is a zero-day vulnerability (which is not yet patched).
The crash is activated when a user opens an Office file that triggers MSHTML to open a fake web page. The page in question has an ActiveX control that downloads malware to the victim’s PC.
The problem has been reported by several digital security companies, who claim that a simple .DOCX file is enough to execute the flaw.
What to do to protect yourself?
According to Microsoft, the attack can be blocked if the Office tools are run with the default setting, which opens web documents in a protected view mode or via the Microsoft Defender Application Guard for Office security tool.
Protected view is a kind of reading mode that disables editing functions. Application Guard is an enterprise-focused tool that isolates untrusted documents.
Another alternative is to disable ActiveX controls through a procedure in the Windows Registry. Microsoft instructs in this post how the procedure should be done.
Now that the flaw has been identified, Microsoft should be working on a fix, which could be released in the next few days.
Have you had any security issues on Windows?