A new Windows vulnerability actively exploited using phishing attacks
Author: Harsh Panchal
Earlier this month Microsoft published a note on a critical vulnerability that allows attackers to gain full access to a user's device. Just by getting the user to open a simple Microsoft Office document, without macros enabled, the attacker can have full access to the user's system. This vulnerability is known as the MSHTML remote code execution vulnerability and is tracked as CVE-2021-40444.
Attackers and security researchers are taking advantage of this vulnerability to gain access to end-user devices without being detected by antivirus and anti-malware solutions. Microsoft has warned the community and all users, as it has still not published an official security patch for this vulnerability. All Windows 10 versions and some Windows Servers are targeted using this vulnerability.
The exploit works through the ActiveX engine used in the Microsoft operating system. Furthermore, it works not only in Internet Explorer but in Microsoft Office products as well. Here is the attack chain that has been provided by Microsoft.
Microsoft has not officially released a security patch for this vulnerability, as it is still under investigation. However, it has published a workaround mitigation guide that can help you protect your business against such attacks. Please note that applying this workaround will affect printing services on Windows devices, so you won't be able to print certain documents because they rely on ActiveX controls. Alternatively, if you have enabled the attack surface reduction rules in your Microsoft environment, then your environment will not be impacted by this exploit.
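To check whether a device already has either protection in place, here is a read-only PowerShell audit, added as an example and not taken from this article or from Microsoft's guide. It assumes the workaround is the one in Microsoft's CVE-2021-40444 guidance (URL actions 1001 and 1004 set to 3 in Internet Explorer zones 0 to 3) and that the relevant attack surface reduction rule is "Block all Office applications from creating child processes"; the function names are hypothetical.

```powershell
# Added example: read-only audit, changes nothing on the host.
# Assumption: key path, URL actions and rule GUID follow Microsoft's guidance, not this article.
$ZoneRoot   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$UrlActions = '1001', '1004'   # download signed / unsigned ActiveX controls
$Disallow   = 3                # URLPOLICY_DISALLOW
# ASR rule "Block all Office applications from creating child processes"
$AsrRuleId  = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'

function Test-ActiveXWorkaround {
    # True only if every zone 0-3 has both URL actions set to Disallow.
    foreach ($zone in 0..3) {
        $props = Get-ItemProperty -Path (Join-Path $ZoneRoot "$zone") -ErrorAction SilentlyContinue
        foreach ($action in $UrlActions) {
            # A missing key or missing value counts as "workaround not applied".
            if ($null -eq $props -or $props.$action -ne $Disallow) {
                return $false
            }
        }
    }
    return $true
}

function Get-AsrRuleState {
    # Returns Block, Audit, Warn, Disabled or NotConfigured for the rule above.
    if (-not (Get-Command Get-MpPreference -ErrorAction SilentlyContinue)) { return 'NotConfigured' }
    $pref = Get-MpPreference -ErrorAction SilentlyContinue
    if ($null -eq $pref -or $null -eq $pref.AttackSurfaceReductionRules_Ids) { return 'NotConfigured' }
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -eq $AsrRuleId) {          # -eq is case-insensitive for strings
            switch ($actions[$i]) {
                0       { return 'Disabled' }
                1       { return 'Block' }
                2       { return 'Audit' }
                6       { return 'Warn' }
                default { return "Unknown($($actions[$i]))" }
            }
        }
    }
    return 'NotConfigured'
}

# One summary object per host, suitable for export or fleet-wide collection.
[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    ActiveXWorkaround  = Test-ActiveXWorkaround
    OfficeChildProcAsr = Get-AsrRuleState
}
```

Only the `Block` state stops the behaviour; `Audit` records the event without preventing it.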
If you are using SentinelOne as your antivirus defence, you can also mitigate and capture this vulnerability using its rules and policies, and mitigate and remediate the attack with just a click of a button. For more details, please contact our support team at hello@techforce.co.uk.