Microsoft provided a fix for Office 365 and Office 2019 users affected by the zero-day security flaw that allows attackers to spread malware via an Office document on Windows 10.
The ongoing attacks target Office 365 on Windows Server 2008 through 2019 and on Windows 8.1 through 10, exploiting a security issue tracked as CVE-2021-40444.
Office 365 Zero-Day Security Flaw: CVE-2021-40444
As per BleepingComputer, the security flaw exists in MSHTML, the browser rendering engine used by Microsoft Office documents, which also serves as the main HTML component of the now-defunct Internet Explorer.
Microsoft is already aware of the ongoing targeted attacks, adding that there is a "limited number" of victims among Windows and Office users.
The ongoing attacks were discovered by various researchers from Mandiant, Expmon, and Microsoft.
Expmon researchers went on to tweet that they were able to reproduce the attack on the latest version of Office 2019 or Office 365 on Windows 10.
To contextualise this, Protected View also protects against macros.. which are the single biggest source of malware in the security industry, as “Enable Content” in the UI disables it. Application Guard for Office is an E5 only feature and isn’t used to open docs by default. pic.twitter.com/IiaCic9EWJ — Kevin Beaumont (@GossiTheDog) September 7, 2021
Meanwhile, Microsoft issued a warning in its Sept. 7 advisory and explained how the attackers are using documents to spread malware.
The tech giant further noted that it is already investigating the remote code execution vulnerability in MSHTML.
Microsoft CVE-2021-40444: How it Works
Microsoft also revealed in its advisory that attackers are developing an ActiveX control to produce malicious Microsoft Office documents, fooling victims into opening what seems to be a harmless file.
According to HelpNetSecurity, aside from tricking users into opening the document, attackers also misled victims into exiting Protected View in Microsoft Office, in which editing features are disabled.
It is worth noting that Microsoft included Protected View, also called Application Guard, as a mitigation measure against the security flaw.
The tech giant further noted that Windows users with an account that has fewer rights than an admin account will be less affected by the attack.
Office 365 Security Flaw: How to Fix (Temporarily)
While the security update for CVE-2021-40444 has yet to be released, Microsoft provided Office 365 users with a temporary fix for the security issue.
The tech giant suggested that users disable ActiveX controls completely, as attackers are using them to produce malicious documents.
That said, here's how to disable ActiveX controls:
- Open Notepad on Windows
- Copy and paste the following text.
Windows Registry Editor Version 5.00
- Save it as a .reg file.
- Open the newly saved .reg file to apply it.
- Restart your PC to make sure it is applied to your system.
This article is owned by Tech Times
Written by Teejay Boris