The attacker can share specially designed Microsoft Office files with their targets. These files contain malicious ActiveX controls.
Those using any version of Windows 7 to Windows 10 are at risk of cyberattacks that use malicious Office files. Taking advantage of a security loophole, attackers are able to download malware through corrupt Office files onto a victim’s computer. Microsoft has now accepted the security risk in a recent report and is investigating it.
In its report, Microsoft accepted the vulnerability as Level-0, which means it is being misused by attackers and considered as a “highest priority” risk for users. This security risk lies with Microsoft HTML which allows remote code execution by an attacker. This is possible because an attacker can share specially designed Microsoft Office files with their targets.
These files contain malicious ActiveX controls and automatically open the attacker’s web page on Internet Explorer. Once opened, the website downloads malware to the victim’s computer.
These users are at greater risk
All the attacker has to do is convince the user to open the malicious document. Since these documents are Office files like Word or Excel, users can easily use tricks to open them, assuming they have something important to share. Microsoft states that users whose accounts have low user rights on the system may be less affected, but users who work with administrative user rights can have major impacts from the attack.
The vulnerability is called CVE-2021-40444. In its report, Microsoft noted that Risk runs on all Windows servers since 2008 and on all versions from Windows 7 to Windows 10.
Follow this method to avoid
Microsoft is currently investigating reports of the vulnerability and its exploits and has not yet rolled out a security patch. However, it does share certain methods to prevent attacks that exploit vulnerability. It mentions that both Microsoft Defender Antivirus and Microsoft Defender for Endpoint can detect and prevent such attacks. It advises users to keep them updated and active. For users who have automatic updates enabled, no need to worry.
read this also-
7 best smartphones under Rs 10,000, 6000 mAh battery, 48 MP camera and more
TikTok gave a big blow to YouTube, now users are spending more time on short video app than Youtube