Microsoft confirmed that another vulnerability in Windows 10 circulates on the internet. The attackers with exploit manage to take full control of a computer according to the announcement of Microsoft. The vulnerability has not been fixed.
Visiting a malicious website or opening a malicious document could be enough to allow hackers to take control of your computer. The company cites a number of temporary safety measures to reduce the risk.
The MSHTML Remote Code Execution (CVE-2021-40444) vulnerability was confirmed last night on September 7, 2021.
"Microsoft is investigating some reports of a MSHTML remote code execution vulnerability affecting Windows," the company said.
Microsoft is aware of targeted attacks that attempt to exploit this vulnerability using specially designed Microsoft Office documents.
Such a document simply needs to be opened on a computer for the exploit to work and not just saved.
An attacker could create a malicious ActiveX control that contains the browser rendering engine and put it in an Office document, Microsoft says.
"The attacker must then persuade the user to open the malicious document. Users whose accounts are set to have fewer permissions on the system could be less affected than users with administrator privileges. ”
It is worth mentioning that both Microsoft Defender Antivirus and Microsoft Defender for Endpoint can detect and protect you from vulnerabilities. If any of these are running on your computer and are set to update automatically, you are protected.
However, there is still no update that fixes the Windows security vulnerability.
So Microsoft suggests:
For starters, documents from the Internet open automatically in either Protected View or Application Guard for Office, which prevents the malicious ActiveX control from running.
You could, however, disable ActiveX controls. Any existing ActiveX controls you already have will continue to work, the company says.
Microsoft provides accurate instructions on how to do this. But the company's solution involves editing the Windows registry and this should be avoided.