
Microsoft Warns of Attacks Exploiting MSHTML Zero-Day in Windows, Offers Mitigations

Filip TRUȚĂ

September 10, 2021


A new remote code execution vulnerability in Windows can be exploited to take over an affected system, Microsoft announced this week. And researchers warn the company’s mitigations may not be enough to protect against attacks.

Microsoft this week said it became aware of targeted attacks that attempt to exploit a vulnerability in MSHTML by using specially crafted Microsoft Office documents.

“An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine,” the advisory from Redmond reads.

“The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

Right off the bat, Microsoft tells customers to “keep antimalware products up to date,” and assures those who rely on Windows’ built-in security tools that they provide “detection and protections for the known vulnerability.”

The company said Tuesday that one simple mitigation is to leave documents in ‘Protected View’, the mode that kicks in when Windows sees the ‘Mark of the Web’ (MoTW) tag, which tells Windows the file came from the Internet.

“By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack,” it said.

However, security researchers quickly took to Twitter to show that attackers have ways to trick Windows into skipping the ‘Protected View’ prompt, such as dressing the document up as an archived ZIP file or simply switching to the Rich Text Format (RTF).
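For defenders who want to see which documents on a machine cannot count on the Protected View prompt, the Python below is an added example (not from Microsoft's advisory or the original article) that reads the Mark of the Web and flags Office files with no tag, plus RTF files, for review. It assumes the tag is stored as the NTFS alternate data stream `Zone.Identifier` with a `ZoneId` value; the extension list, function names, verdict labels and sample stream are constructed for illustration.

```python
import configparser
import os

# Assumed triage list of Office document extensions (not from the advisory).
OFFICE_EXTS = {".doc", ".docx", ".docm", ".dotm", ".xls", ".xlsx", ".xlsm", ".ppt", ".pptx"}
INTERNET_ZONE = 3  # ZoneId 3 = Internet, 4 = Restricted sites

# Constructed sample of what a browser writes into the Zone.Identifier stream.
SAMPLE_STREAM = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.test/a%20letter.docx\r\n"

def parse_zone_id(stream_text):
    """Return the ZoneId from Zone.Identifier text, or None if absent or malformed."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        parser.read_string(stream_text or "")
        return parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def read_motw(path):
    """Read the Zone.Identifier alternate data stream (works on Windows/NTFS only)."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def triage(name, stream_text):
    """Say whether the Mark of the Web can be relied on to trigger Protected View."""
    ext = os.path.splitext(name)[1].lower()
    if ext == ".rtf":
        return "rtf-review"        # the article reports RTF skipping the prompt
    if ext not in OFFICE_EXTS:
        return "not-office"
    zone = parse_zone_id(stream_text)
    if zone is None:
        return "no-motw"           # no tag, so no Protected View prompt
    return "motw-internet" if zone >= INTERNET_ZONE else "motw-lower-zone"

def scan(root):
    """Walk a folder and return {path: verdict} for documents needing review."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            verdict = triage(name, read_motw(path))
            if verdict in ("no-motw", "rtf-review"):
                findings[path] = verdict
    return findings

if __name__ == "__main__":
    print(scan(os.path.expanduser("~/Downloads")))
```

A "no-motw" result on a document that did arrive by email or download means the tag was lost somewhere along the way, so that file should be opened only after its origin is confirmed.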

Another workaround pushed by Microsoft is to disable the installation of all ActiveX controls in Internet Explorer.

“This can be accomplished for all sites by configuring the Group Policy using your Local Group Policy Editor or by updating the registry,” Microsoft wrote. “Previously-installed ActiveX controls will continue to run, but do not expose this vulnerability.”

The advisory offers granular instructions on how to accomplish this, as well as how to undo the workaround when needed.

Patch Tuesday is just around the corner, but it’s unclear whether the September 14 update will include fixes for this newly emerged flaw.

Regardless, users should keep an eye out for suspicious, unsolicited emails with attachments hitting their inboxes. One example shared by researchers this week was a fake letter from an alleged attorney titled “A Letter before court.”

As a general rule, users should not download, let alone open, files from unknown sources, especially if they arrive via unsolicited emails that claim the user must take some immediate action.
