Microsoft provided a fix for its Office 365, 2019 users affected by the zero-day security flaw that allows attackers to spread malware via an Office document on Windows 10.
The Microsoft logo is seen at its local headquarters in Beijing on July 20, 2021, the day after the US accused Beijing of carrying out cyber attack on Microsoft and charged four Chinese nationals over "malicious" hack in March.
The ongoing attacks on Office 365 on Windows Server 2008-2019, both on Windows 8.1 to 10, are infiltrating a security issue called the CVE-2021-40444.
Office 365 Zero-Day Security Flaw: CVE-2021-40444
As per BleepingComputer, the security flaw exists on the browser rendering engine or MSHTML that is being used by Microsoft Office docs, which also serves as the main HTML component for the now-defunct Internet Explorer.
Microsoft is already aware of the ongoing targeted attacks, adding that there is a "limited number" of victims among Windows and Officer users.
It is to note that the ongoing attacks were discovered by various researchers from Mandiant, Expmon, and Microsoft.
Expmon researchers went on to tweet that they were able to reproduce the attack on the security flaw on the latest version of Office 2019 or Office 365 on a Windows 10.
Meanwhile, Microsoft already issued a warning and explained how the attackers are using documents to spread malware on its advisory on Sept. 7.
The tech giant further noted that it is already investigating the remote code execution vulnerability in MSHTML.
Microsoft CVE-2021-40444: How it Works
Microsoft also revealed on its advisory that attackers are developing an ActiveX control to produce malicious Microsoft Office docs, fooling its victims to open what seems to be a harmless file.
According to HelpNetSecurity, aside from tricking users to open the document, attackers also misled victims to exit the Protected View on Microsoft Office--wherein editing features are disabled.
It is worth noting that Microsoft included the Protected View, or also called Application Guard, as a mitigation measure against the security flaw.
The tech giant further noted that Windows users with an account that has fewer rights than an admin account will be less affected by the attack.
Office 365 Security Flaw: How to Fix (Temporarily)
While the security update for the CVE-2021-40444 has yet to be released, Microsoft provided Office 365 users a temporary fix for the security issue.
The tech giant suggested users disable ActiveX controls completely as attackers are using it to produce malicious documents.
That said, here's how to disable ActiveX controls:
- Open Notepad on Windows
- Copy and paste the following text.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1001"=dword:00000003
"1004"=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1001"=dword:00000003
"1004"=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000003
"1004"=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000003
"1004"=dword:00000003
- Save it as a .reg file.
- Open the newly saved .reg file to apply it.
- Restart your PC to make sure it is applied to your system.
Related Article: Microsoft Emergency Patch Update Debuts to Combat Exploitation of PrintNightmare Zero-Day Vulnerability
This article is owned by Tech Times
Written by Teejay Boris
