MS Office, Internet Explorer Form Zero Day Attack

John Lister's picture

Security experts have warned users to take extra care opening Microsoft Office files. An unpatched bug in Internet Explorer can affect users regardless of their preferred browser.

The bug takes advantage of the way Office files can open links in Internet Explorer. It means that attackers can craft Office files that, once opened, automatically load an "attack" page in Internet Explorer that installs malware. Exactly what malware to install is up to the attacker.

There is some protection for some users. In many cases, Office will by default open a document in Protected View, which blocks links from automatically open. This won't help in every case, and there's also a risk of users being tricked into switching out of Protected View.

Zero Day Attack

Beyond this, it's a very nasty type of attack known as a Zero Day. That means that attackers are known to be actively exploiting it before Microsoft has issued a security fix. The result is that Microsoft has "zero days" head start in the race to patch machines before they get infected.

Researchers from a company called Expmon say they reported the issue to Microsoft last Sunday. Microsoft has logged it as vulnerability CVE-2021-40444 and is working on a fix. (Source: microsoft.com)

Office 2019 & 365 Affected

Expmon researches say they've successfully tested an attack on Windows 10 computers running Office 2019 and Office 365. They add that the nature of the exploit means it should always work rather than it being a case of hit and miss. (Source: engadget.com)

One security mitigation suggested by Microsoft is to disable the ActiveX feature in Internet Explorer that's hijacked in this attack to deliver the malware. That's more a tip for office IT administrators than ordinary home users, however, as it involves editing the Windows Registry. That's usually only advised for more confident Windows users.

What's Your Opinion?

How often do you open Office documents sent to you by somebody else? Do you take any steps to verify the document and sender are both legitimate? Had you given any thought to the idea that Internet Explorer could be a a security risk even if you don't use it?

Rate this article: 
Average: 5 (5 votes)

Comments

Lion's picture

In Windows 10, will Ctrl Panel > Internet Options > Security: Internet > Custom Level > ActiveX controls and plugins > Disable accomplish this mitigation without editing the registry?

If not, please publish the required registry edits or a link to them.

Thanks,
Dan

Stuart Berg's picture

If you go to
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
and page down to the section heading "To disable ActiveX controls on an individual system via regkey:", you will find the registry changes ready to be applied as a ".reg" file.

buzzallnight's picture

Probably different enough to not work, right?

How often do you open Office documents sent to you by somebody else?
Not very.
Do you take any steps to verify the document and sender are both legitimate?
yes
Had you given any thought to the idea that Internet Explorer could be a a security risk even if you don't use it?

All M$ products are a security risk!!!!!!!!!!!!!!!!!!
and as full of holes as Swiss cheese!!!!!!!!!!!!!!
and their software seems to be getting worse
not better.....