Microsoft is working to fix Office documents vulnerability on Windows 10
Microsoft is investigating a report of a remote code execution vulnerability in MSHTML that affects Windows. The company explains in a security report that it is aware of targeted attacks that attempt to exploit the vulnerability using Microsoft Office documents. Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide vulnerability detection and protection.
Microsoft explains that an attacker could use a malicious ActiveX control hidden in an Office document. The threat actors are crafting these documents in a way that might trick people into activating ActiveX control. Microsoft does not specifically mention the recent “Windows 11 Alpha” malware attacks, but the methods used in this attack appear to be similar to what Microsoft describes in its report.
VPN offers: lifetime license for $ 16, monthly plans for $ 1 and more
The attacks mentioned by Microsoft also appear to be related to the upcoming change in the way Office handles trusted documents. The Microsoft 365 roadmap indicates that Office 365 will soon follow IT administrator policies that block active content in trusted documents.
Microsoft presents mitigation measures and workarounds for the problem that administrators can now use. The company explains that “by default, Microsoft Office opens documents from the Internet in Protected Mode or Application Guard for Office, which prevents the attack in progress.”
Users can also disable the installation of ActiveX controls in Internet Explorer to mitigate the attack. It is important to note that editing the registry involves risks if not done correctly.
The Cybersecurity and Infrastructure Security Agency encourages users to review Microsoft’s mitigation measures and workarounds.
After Microsoft completes its investigation, it may roll out updates for the issue through regular Patch Tuesday updates or out-of-cycle security updates.
We can earn a commission for purchases using our links. Learn more.