9 September 2021

Warning against attacks with prepared Office documents

ActiveX controls must be switched off until a patch is released

According to an alert from Microsoft (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444), the vulnerability (CVE-2021-40444), which is classified with a “high” threat level, affects the HTML rendering engine MSHTML of Windows.

In addition to Internet Explorer, Microsoft Office also uses this engine. Windows 8.1 to 10 and Windows Server 2008 to 2019 are affected by the vulnerability.

If victims open a prepared Office file, Internet Explorer opens a website controlled by attackers. A Trojan horse then enters the computer via an ActiveX control placed on that website.

By default, Office opens documents from the internet in a safe mode. In addition, the protection mechanism of Office Application Guard is supposed to isolate documents and thus, according to Microsoft, prevent attacks of this kind.

In general, you should never open files from unknown sources.

Even if an e-mail sender is known, you should check whether the sender really sent the file. In addition, you should not click on links in e-mails without thinking.

Microsoft plans to make a patch available on the next patch day. Until then, admins have to help themselves by switching off ActiveX controls through the registry.

To do this, admins must create a text file, copy the following content into it and save the file with the extension .reg.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000003
"1004"=dword:00000003

Then double-click the file to add the entries to the Windows Registry. Finally, a restart is necessary.
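
To confirm that the import took effect on a machine, the eight values can be read back. The following PowerShell audit is an added example, not part of Microsoft's advisory or the original post; the function name Test-ActiveXWorkaround is made up for illustration, and the script only reads the registry keys listed above.

```powershell
# Added example: audit whether the workaround values from the .reg file are present.
# URL action 1001 = download signed ActiveX controls,
# URL action 1004 = download unsigned ActiveX controls; value 3 = disabled.
# Zones: 0 = Local Machine, 1 = Intranet, 2 = Trusted Sites, 3 = Internet.
$base    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones   = 0..3
$actions = '1001', '1004'
$wanted  = 3

# Hypothetical helper name; returns one row per zone/action pair.
function Test-ActiveXWorkaround {
    foreach ($zone in $zones) {
        $key = Join-Path $base $zone
        foreach ($action in $actions) {
            $value = $null
            if (Test-Path -LiteralPath $key) {
                # A missing value yields no object instead of an error.
                $item = Get-ItemProperty -LiteralPath $key -Name $action -ErrorAction SilentlyContinue
                if ($item) { $value = $item.$action }
            }
            [pscustomobject]@{
                Zone   = $zone
                Action = $action
                Value  = $value                 # empty when the key or value is absent
                Ok     = ($value -eq $wanted)
            }
        }
    }
}

$report = @(Test-ActiveXWorkaround)
$report | Format-Table -AutoSize

$missing = @($report | Where-Object { -not $_.Ok })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) of $($report.Count) values are not set to $wanted; the workaround is incomplete."
    exit 1
}
Write-Output "All $($report.Count) values are set to $wanted (disabled). A restart is still required after the import."
```

The non-zero exit code on an incomplete configuration lets the script be used as a compliance check in a software-deployment or monitoring tool.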

 

 

 
