This Tuesday Microsoft warned of a new Zero Day attack that affects Internet Explorer by taking advantage of Microsoft Office documents . At the moment the company has shared workarounds to mitigate the vulnerability cataloged as CVE-2021-40444 for remote code execution (RCE) in MSHTL.
What is a Zero Day attack?
Zero Day attacks are known as security flaws that are discovered by cybercriminals rather than by the manufacturer or developer itself. The main threat is that until the company or developer releases a corrective patch, attackers have a free hand to take advantage of the security flaw .
On this occasion, the vulnerability CVE-2021-40444 has been classified as important with a severity of 8.8 out of 10 affecting Windows Server from 2008 to 2019, and Windows operating systems from version 8 to 10. The users most vulnerable to these types of attacks are those that operate with accounts with administrative rights.
As reported by the company itself, “Microsoft is aware of the existence of targeted attacks attempting to exploit this vulnerability using specially crafted Microsoft Office documents.”
On the other hand, the Security and Infrastructure Agency of the United States (CISA) also warned of this new attack and invited users to review the mitigation methods shared by Microsoft.
How can we protect ourselves?
Microsoft claims that the attack could create a malicious ActiveX control for Microsoft Office to use. For the attack to take effect, the user would have to open the malicious document.
From EXPMON, a service dedicated to monitoring exploits, they claim that they managed to reproduce the CVE-2021-40444 attack in the latest version of Office 2019 / Office 365 on Windows 10 computers, being a logical and really dangerous failure.
Until a patch is released, Microsoft’s main recommendation is to disable the installation of all ActiveX controls in Internet Explorer . The company itself indicates how to do it through its statement .
When it comes to vulnerabilities, one of the most important aspects is keeping all the protection tools available to us activated. Having an antivirus installed and updated on our computer can make the difference between whether our device is infected or not.
Another fundamental measure is to keep the software we use updated at all times. It seems obvious, but there are many users who due to neglect or neglect do not take this aspect into account. The updates by the developers are not quirks, but improvements and security patches that fix bugs and vulnerabilities such as those caused by Zero Day attacks.