Microsoft confirmed that another Windows 10 vulnerability is circulating in the Internet. The attackers with exploit manage to take full control of a computer according to the announcement of Microsoft. The vulnerability has not been fixed.
Visiting or opening a malicious website maliciousy document could be enough to allow hackers to take control of your computer. The company cites a number of temporary security measures to reduce the risk.
The MSHTML Remote Code Execution (CVE-2021-40444) vulnerability was confirmed last night on September 7, 2021.
"Microsoft is investigating some reports of a MSHTML remote code execution vulnerability affecting Windows," the company said.
Microsoft is aware of targeted attacks that attempt to exploit this vulnerability using specially designed Microsoft Office documents.
Such a document simply needs to be opened on a computer for the exploit to work and not just saved.
An attacker could create a malicious control ActiveX που περιέχει τη browser rendering engine και να το βάλει σε ένα έγγραφο του Office, αναφέρει η Microsoft.
"The attacker must then persuade the user to open the malicious document. Users whose accounts are set to have fewer permissions on the system could be less affected than users with administrator privileges. ”
It is worth mentioning that both Microsoft Defender Antivirus and Microsoft Defender for Endpoint can detect and protect you from the vulnerability. If any of these are running on your computer and are set to update automatically, you're protected.
However, there is still no update that fixes the Windows security vulnerability.
So Microsoft suggests:
For starters, have documents from the Internet automatically open in either Protected View or Application Guard for Office, which prevents the malicious ActiveX control from running.
You could, however, disable ActiveX controls. Any existing ActiveX controls you already have will continue to work, the company says.
Microsoft provides accurate instructions on how to do this. But the company's solution involves editing the Windows registry and this should be avoided.
