One of the methods most used by attackers to compromise their victims' computers is malicious email attachments. These attacks are especially dangerous when they target zero-day vulnerabilities, and that is precisely what is happening in a recent campaign: it takes advantage of a bug not yet fixed by Microsoft to infect Windows computers through Office files.
Microsoft itself has issued a warning that a remote code execution vulnerability is being actively exploited in its operating systems. The bug, known as CVE-2021-40444, affects all versions of Windows 7, Windows 8 and Windows 10, and it also impacts Windows Server editions from 2008 onwards. According to the company's own report, the vulnerability has a severity score of 8.8 on a scale with a maximum of 10.
What the attackers are doing is sending infected Office files in order to get users to open them. To persuade the victims, documents that appear to be legitimate are generally used. However, when someone opens the file, it automatically launches Internet Explorer and loads a malicious page with an ActiveX control that downloads the malware that infects Windows.
Microsoft has not yet released a security patch
A group of cybersecurity researchers, including Haifei Li of EXPMON, informed Microsoft about the zero-day vulnerability last Sunday. The company responded quickly that "they are investigating the reports" in order to release a patch. In the meantime, it has acknowledged the problem and said that, in case of infection, users with limited accounts may be less affected than those with administrator privileges.
Microsoft points out that the attack cannot be carried out if the infected Office file is opened in Protected View or in Application Guard mode in Office 365. The former is a read-only mode. The latter isolates the document in a secure environment and denies it access to shared network resources and system files. Even so, it is advisable never to open documents that come from untrusted sources.
The Redmond company recommends disabling ActiveX controls in Internet Explorer to prevent infection, but this is a task that requires modifying the Windows registry and restarting the computer. It also recommends keeping Microsoft Defender and Microsoft Defender for Endpoint updated, its own security solutions which, according to the company, are capable of stopping the threat.
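As an added example, not taken from this article or from Microsoft's own advisory text, the following PowerShell script applies and then verifies the registry change the article refers to. It assumes the zone policy keys and the DWORD values 1001 (download signed ActiveX controls) and 1004 (download unsigned ActiveX controls), set to 3 (disable) for Internet Explorer zones 0 through 3, which is the form Microsoft's published workaround for CVE-2021-40444 took; the function names and the backup file path are this example's own choices. Run it from an elevated PowerShell session and reboot afterwards, as the article notes.

```powershell
# Added example: disable ActiveX control downloads in all Internet Explorer
# security zones via policy registry keys, with a backup and a verification step.
# Assumes the key path and value names used by Microsoft's published workaround
# for CVE-2021-40444 (values 1001 and 1004, data 3 = "Disable").

$ZoneRoot   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ValueNames = @('1001', '1004')   # signed / unsigned ActiveX download settings
$Disable    = 3                    # IE urlaction value meaning "Disable"
$BackupPath = Join-Path $env:ProgramData 'activex-zones-backup.json'  # hypothetical path

function Backup-ActiveXZoneSettings {
    # Record the current state so the change can be reverted after patching.
    $state = @{}
    foreach ($zone in 0..3) {
        $key = Join-Path $ZoneRoot $zone
        $state[$zone] = @{}
        foreach ($name in $ValueNames) {
            $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            $state[$zone][$name] = if ($item) { $item.$name } else { $null }
        }
    }
    $state | ConvertTo-Json -Depth 4 | Set-Content -Path $BackupPath -Encoding UTF8
    Write-Host "Backup written to $BackupPath"
}

function Disable-ActiveXInAllZones {
    # Create each zone policy key if needed and set both values to 3 (disable).
    foreach ($zone in 0..3) {
        $key = Join-Path $ZoneRoot $zone
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($name in $ValueNames) {
            New-ItemProperty -Path $key -Name $name -PropertyType DWord `
                             -Value $Disable -Force | Out-Null
        }
    }
}

function Test-ActiveXDisabled {
    # Return $true only if every zone has both values set to 3; print any gap.
    $ok = $true
    foreach ($zone in 0..3) {
        $key = Join-Path $ZoneRoot $zone
        foreach ($name in $ValueNames) {
            $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            if (-not $item -or $item.$name -ne $Disable) {
                Write-Warning "Zone $zone value $name is not set to $Disable"
                $ok = $false
            }
        }
    }
    return $ok
}

# Usage: back up, apply, verify. A reboot is still required for IE to honour it.
Backup-ActiveXZoneSettings
Disable-ActiveXInAllZones
if (Test-ActiveXDisabled) {
    Write-Host 'ActiveX downloads disabled in zones 0-3; restart the computer to apply.'
} else {
    Write-Host 'Verification failed; review the warnings above.'
}
```

The backup step matters because these are policy keys: once Microsoft ships the fix, the values can be restored from the JSON file rather than left in place indefinitely, and the verification function can be re-run from endpoint management tooling to confirm the workaround is actually present on each machine.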