New Zero-Day Vulnerability Targeting Windows Users
Microsoft issued a security alert yesterday to users about a zero-day vulnerability in Internet Explorer that, if exploited, allows attackers to take control of a Windows system through the use of a weaponized Office document.
The issue is tracked as CVE-2021-40444 and has a CVSS score of 8.8. The remote code execution vulnerability is linked to the Trident browser engine (also known as MSHTML), a proprietary framework that was formerly used to display online content in documents created with the Office suite, such as PowerPoint, Excel, and Word, according to The Hacker News.
Microsoft did not reveal the nature of the attacks, the attackers' identities, or their targets in real-world attacks, but it did credit EXPMON and Mandiant researchers for uncovering the vulnerability.
EXPMON said in a tweet:
⚡️⚡️ EXPMON system detected a highly sophisticated #ZERO-DAY ATTACK ITW targeting #Microsoft #Office users! At this moment, since there's no patch, we strongly recommend that Office users be extremely cautious about Office files - DO NOT OPEN if not fully trust the source!
— EXPMON (@EXPMON_) September 7, 2021
Microsoft notes: "Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.
An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine."
A fix for this vulnerability will be released soon
The company adds that, even after duping the user into opening the malicious document, a threat actor would still have to trick the user into going forward with the act. Users with limited administrative rights are likely to be harmed less than those who have full administrative privileges.
While this vulnerability is still being exploited, the present attacks can be avoided by running Microsoft Office in Protected View or by using Application Guard for Office, which prevents untrusted files from accessing the system's trusted resources.
Following its investigation, Microsoft is likely to provide either a monthly security update or an out-of-band fix, depending on consumer demand. In the meantime, Microsoft advises users to disable all ActiveX controls in Internet Explorer to avoid a security problem.