Microsoft Office, very dangerous 0-day flaw discovered

Microsoft has acknowledged a zero-day vulnerability in its proprietary web browser engine, known as MSHTML or Trident, which is used in Internet Explorer and the Office/365 productivity suite, among other products. The flaw allows unauthorized remote code execution with full permissions. All versions of Windows 7, Windows 8, and Windows 10, as well as their server counterparts, are affected, and traces of ongoing exploits have been discovered online.

The attack vector is the good old infected Office file. An attacker can create an ActiveX control that will be interpreted by the browser engine integrated into Office; the user only needs to open the file to open the door to remote code execution. Office and Windows 10 already provide some integrated security measures that can foil the attack: open the file in protected mode, or launch Office using Application Guard. In addition, Microsoft Defender antivirus products are able to detect and neutralize the threat. By following the SOURCE link you can consult all Microsoft workarounds and detailed technical information.

Microsoft said it is still completing its investigation into the vulnerability but has confirmed it will take the necessary actions to close it. We do not know exactly what this means, but it is reasonable to expect a fix in the next Patch Tuesday, or even a dedicated patch, since the problem is considered quite serious not only by Microsoft (score of 8.8 out of 10) but also by independent researchers, who recreated the problem and confirmed the absolute reproducibility of the attack.
