Microsoft confirmed that another Windows 10 vulnerability is circulating in the Internet. Οι επιτιθέμενοι με το exploit manage to take full control of a computer according to Microsoft's announcement. The vulnerability has not been patched.
Visiting a malicious website or opening a malicious document could be enough to allow hackers to take control of your computer. The company cites a number of temporary safety measures to reduce the risk.
The MSHTML Remote Code Execution (CVE-2021-40444) vulnerability was confirmed last night on September 7, 2021.
“Microsoft is investigating some reports of a remote execution vulnerability code in MSHTML affecting Windows," the company said.
Microsoft is aware of targeted attacks that attempt to exploit this vulnerability using specially designed Microsoft Office documents.
Such a document simply needs to be opened on a computer for the exploit to work and not just saved.
An attacker could create a malicious ActiveX control that contains browser rendering engine and put it in an Office document, Microsoft says.
“The attacker would then have to convince the user to open the malicious document. The users whose accounts are set to have fewer privileges on the system could be less affected than users operating with administrative privileges.”
It is worth mentioning that both Microsoft Defender Antivirus and Microsoft Defender for Endpoint can detect and protect you from vulnerabilities. If any of these are running on your computer and are set to update automatically, you are protected.
However, there is still no update that fixes the Windows security vulnerability.
So Microsoft suggests:
For starters, documents from the Internet open automatically in either Protected View or Application Guard for Office, which prevents the malicious ActiveX control from running.
You could, however, disable ActiveX controls. Any existing ActiveX controls you already have will continue to work, the company says.
Microsoft provides accurate instructions on how to do this. But the company's solution involves editing the Windows registry and this should be avoided.
