Microsoft Warns of zero-day flaw impacting Internet Explorer
Microsoft alerted of an actively exploited zero-day vulnerability affecting Internet Explorer. This flaw leverages infected Office documents to hijack vulnerable Windows systems.
The remote code execution flaw is tracked as CVE-2021-40444 (CVSS score: 8.8). It is rooted in MSHTML, which is a proprietary browser engine for Internet Explorer and has been discontinued for now. It is used in Office to facilitate web content inside Word, Excel, and PowerPoint documents.
The company claimed that Microsoft is investigating about the vulnerability. It added that it is aware of attacks that exploit this vulnerability by using weaponized Microsoft Office documents.
The company further stated that a threat actor could design a malicious ActiveX control for the Microsoft Office document that holds the browser rendering engine. The users are then persuaded to open the malicious document. In such a case, the users with administrative rights will be more impacted than those whose accounts have fewer rights on the system.
Researchers from EXPMON and Mandiant are being praised for reporting the flaw. Microsoft did not disclose the details about the nature of the attacks, the adversaries’ identity who are involved in exploiting this zero-day, or their goals.
EXPMON researchers labeled the exploitation to be dangerous as the exploit uses logical flaws. They found the vulnerability after noticing an extremely sophisticated zero-day attack targeting Microsoft Office users. Once identified, the findings were passed onto Microsoft.
The current attack can be overcome if the users run Microsoft Office with default configurations, where any web downloaded documents are opened in Protected View or Application Guard for Office, devised to avoiding untrusted files from accessing trusted resources.
Once the analysis is complete, Microsoft is expected to issue a security update as per customer needs. For the time being, Microsoft is recommending users and organizations to disable all Internet Explorer’s ActiveX controls to alleviate potential attacks.