Just recently, we were notified of a new threat called the Microsoft Word Zero-Day Exploit. Hackers strike again and exploit Microsoft Word documents to hack Windows. Stop what you are doing! Do not open a Microsoft Word document if you don’t trust the person (or don’t know the person) that sent it to you.
What Are the Details
It was just recently announced that a bug was uncovered in Microsoft’s proprietary MSHTML browser engine. According to Wikipedia, “Trident (also known as MSHTML) is a proprietary browser engine for the Microsoft Windows version of Internet Explorer, developed by Microsoft.”
Hackers are capable of accessing remote code execution in all versions of Windows. These same hackers create specially designed Word documents to exploit this zero-day bug. Since MSHTML is also used by several Microsoft products, including Skype, Visual Studio, and Microsoft Outlook, this issue can get out of hand quickly and cause serious damage to your computer.
Microsoft has assigned the code of CVE-2021-40444 to this widespread bug and gave it a CVSS score of 8.8. To put it mildly, this is a very dangerous hack and one that you should be aware of and know how to protect yourself against it.
How Does the Zero-Day Exploit Work
The attack begins when users open a Word document that is infected with bad data. This document will contain a specially-crafted ActiveX control meant for handling by the MSHTML engine.
The vindictive attack lets loose its damage when an unsuspecting computer user opens an Office file coded with malicious data. Once the user opens the file, the file does not hesitate but automatically launches a page on Internet Explorer. That page has an ActiveX control that downloads malware onto your computer should you open that altered file.
At first, Microsoft recommended that all users ensure that they have Microsoft Defender Antivirus activated and remove ActiveX from computers.
Is There a Patch
Users can now breathe a little easier. According to Engadget, Microsoft just released a patch that addresses 66 security vulnerabilities. One of these vulnerabilities is the CVE-2021-40444. So, what can you do to stay safe and not be a part of exploited Word Documents? Let’s take a look at what you need to do to protect yourself.
First, you need to do this now. Install the security update developed by Microsoft specifically for the MSHTML exploit.
Secondly, you need to improve your cybersecurity, so you are safer online.
Third, become familiar with the common types of cybersecurity attacks to avoid falling into dangerous situations.
And remember: Don’t open files or links if you don’t know the sender!
And don’t forget. We are right here to help you out. Just get in touch with our help desk. Enjoy User Freedom and get your own personal IT Helpdesk.
#zerodayexploit # MSHTMLexploit
This post was written by Megabite