...

Microsoft issues patch for zero-day exploit that uses malicious Office files




  • In Business
  • 2021-09-15 08:07:43Z
  • By Engadget
 

Microsoft has just rolled out an update fixing 66 security vulnerabilities as part of this month's Patch Tuesday. One of them addresses a critical zero-day vulnerability that's being actively exploited by hackers using Office files containing malicious ActiveX controls. A few days ago, Microsoft issued a warning about the flaw after being notified by security researchers who discovered that bad actors are exploiting it by tricking potential victims into opening malicious Office files. Upon being opened, the file automatically launches a page on Internet Explorer, which contains an ActiveX control that downloads malware onto the victim's computer.

When Microsoft published the warning, it didn't have a fix yet and only asked users to make sure Microsoft Defender Antivirus or Microsoft Defender for Endpoint are switch on. Both programs can detect attempts to exploit the vulnerability. It also advised users to disable all ActiveX controls on Internet Explorer. The vulnerability known as CVE-2021-40444 affects Windows Servers from version 2008 and Windows 7 through 10. Security researchers proved that the exploit is 100 percent reliable, and all it would take to infect a computer is to open the file a hacker sends. Now, the new update will make sure the flaw can't be exploited anymore.

In addition to patching CVE-2021-40444, the update also fixes two other critical flaws. As The Register notes, it fixes two remote code execution vulnerabilities for Windows WLAN AutoConfig Service and Open Management Infrastructure.

COMMENTS

More Related News

AMD and Microsoft issue fixes for Ryzen CPU slowdowns on Windows 11
AMD and Microsoft issue fixes for Ryzen CPU slowdowns on Windows 11

The patches should resolve processor slowdowns.

Microsoft starts testing Android apps on Windows 11
Microsoft starts testing Android apps on Windows 11

When Microsoft announced Windows 11, it didn't mention anything about how it wanted to annoy users with a less functional taskbar, but it did talk quite a bit about how its new operating system would feature support for Android apps. It quickly became clear, though, that the first version, which went out only a few weeks ago, wouldn't actually support Android apps. Now, however, Microsoft -- in partnership with Amazon and its app store -- is bringing a small subset of about 50 Android apps to the Windows 11 Insider Program.

Windows 11 beta users can start testing Android apps
Windows 11 beta users can start testing Android apps

Android apps are finally available in Windows 11, but only as part of an Insider Preview release.

Leave a Comment

Your email address will not be published. Required fields are marked with *

Cancel reply

Comments

Top News: Business