Attackers take advantage of ActiveX software to infect systems with malware.
Microsoft has received reports of a remote code execution (RCE) vulnerability that attackers are actively exploiting. The attack uses maliciously crafted Microsoft Office files that open an ActiveX control using the MSHTML browser rendering engine.
Windows Server 2008, Windows Server 2019, Windows 7 and 10 operating systems are affected by the vulnerability, which is tracked as CVE-2021-40444. Expmon, which reported the zero-day vulnerability, says the attack method appears to be 100% reliable, making it very dangerous.
When a user opens the document, malware from a remote source is installed on the system. Expmon underlines that users should not open any Office documents unless they come from a completely reliable source.
The file that the security company discovered was a Word document with the extension “.docx”. But Microsoft says the exploit isn’t limited to Word files, and any document that can invoke MSHTML could be potentially harmful. Microsoft does not yet have a fix for the vulnerability, but the bug report lists some methods that can mitigate it.
When opening Office documents, pay attention to where the file came from. In addition, Microsoft Office in its default configuration opens files in Protected View mode, which reduces the risk.
Additionally, Microsoft Defender Antivirus and Defender for Endpoint are able to block exploitation of the vulnerability. Microsoft also says that users can disable the installation of all ActiveX controls in Internet Explorer.
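One way to check and apply the last mitigation on a Windows host, as an added example that is not Microsoft's own script. It assumes the block is expressed through the Internet Explorer zone policy values for URL actions 1001 (download signed ActiveX controls) and 1004 (download unsigned ActiveX controls), set to 3 (Disable) for zones 0 to 3 under the machine policy hive; the function names are hypothetical.

```powershell
# Added example, not from the original article or from Microsoft.
# Assumption: ActiveX installation is governed by URL actions 1001 and 1004
# in the IE zone policy keys, where the DWORD value 3 means "Disable".
$base     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones    = @{ 0 = 'Local Machine'; 1 = 'Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet' }
$actions  = @{ '1001' = 'Download signed ActiveX'; '1004' = 'Download unsigned ActiveX' }
$Disabled = 3

# Report the current policy value for every zone/action pair.
function Get-ActiveXInstallPolicy {
    foreach ($zone in ($zones.Keys | Sort-Object)) {
        $path = Join-Path $base $zone
        foreach ($action in ($actions.Keys | Sort-Object)) {
            $value = $null
            if (Test-Path $path) {
                # Returns $null when the value is absent from the key.
                $value = (Get-ItemProperty -Path $path -Name $action -ErrorAction SilentlyContinue).$action
            }
            [pscustomobject]@{
                Zone    = $zones[$zone]
                Action  = $actions[$action]
                Value   = if ($null -eq $value) { 'not set' } else { $value }
                Blocked = ($value -eq $Disabled)
            }
        }
    }
}

# Write the "Disable" value for both actions in all four zones.
# Needs an elevated session because it writes under HKLM.
function Set-ActiveXInstallBlocked {
    foreach ($zone in $zones.Keys) {
        $path = Join-Path $base $zone
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        foreach ($action in $actions.Keys) {
            New-ItemProperty -Path $path -Name $action -Value $Disabled `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

# Audit only by default; call Set-ActiveXInstallBlocked explicitly to enforce.
Get-ActiveXInstallPolicy | Format-Table -AutoSize
```

Any row with `Blocked` set to `False` marks a zone where ActiveX control installation is still permitted by policy.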