Cybercriminals have devised a new technique for spreading malware that exploits Windows users who view Microsoft Office documents.
Microsoft disclosed that a critical Internet Explorer vulnerability is being exploited in the wild to take over susceptible Windows PCs by luring users into opening weaponized Office documents.
The remote code execution vulnerability is tracked as CVE-2021-40444 and has a CVSS score of 8.8. According to the information that has been revealed, the flaw is rooted in MSHTML (Trident), the proprietary browser engine of the former Internet Explorer, which Office uses to display web content in Word, Excel, and PowerPoint documents.
In the advisory published on Tuesday, Microsoft said it is investigating a remote code execution vulnerability in MSHTML that reportedly affects Microsoft Windows. The tech giant has confirmed that there is evidence of targeted attacks attempting to abuse the vulnerability by using specially crafted Microsoft Office documents.
According to the report, the browser rendering engine may be exploited through a malicious ActiveX component crafted by an attacker and included in a Microsoft Office document. However, the attacker must persuade the victim to open the maliciously crafted file. Users who have their account privileges restricted on the system may be less affected than those with full administrative privileges, the report explains.
Microsoft thanked two groups of researchers for discovering the issue, but it did not reveal how the vulnerability has been exploited, who the malicious actor behind the attacks was, or who was targeted.
It’s important to note, however, that when Microsoft Office runs in its default configuration, documents downloaded from the web open in Protected View or Application Guard for Office, which blocks the current attack. Both features are designed to prevent malicious files from accessing trusted resources in the compromised system.
Once the ongoing investigation is complete, Microsoft is expected either to provide a security update in its monthly Patch Tuesday release cycle or to offer a “customer-based” out-of-band patch. To prevent any harm from possible attacks, Microsoft is asking Windows users and businesses to deactivate all ActiveX components in Internet Explorer.