A new threat has emerged for Windows 10 users, where a user can become the victim of a cyberattack by just opening a malicious Microsoft Office document unsuspectingly.
The ‘zero-day’ vulnerability, reported by a leading computer security and cybercrime blog, can also be triggered by visiting untrustworthy websites on the Internet Explorer.
As reported, the attack leverages a component of the browser app Internet Explorer called MSHTML. Users who have shifted from IE to Microsoft Edge should be safe from this exploit.
The exploit can target both Microsoft Office 2019 and Office 365. However, the cyberattack is only possible if a user opens the malicious Office document. There isn’t a patch from Microsoft currently available to fix the issue but there is an advisory with suggestions to help users ensure cyber safety.
EXPMON system detected a highly sophisticated #ZERO-DAY ATTACK ITW targeting #Microsoft #Office users! At this moment, since there’s no patch, we strongly recommend that Office users be extremely cautious about Office files – DO NOT OPEN if not fully trust the source!
— EXPMON (@EXPMON_) September 7, 2021
Microsoft has reportedly suggested that Internet Explorer users disable the ‘ActiveX controls’ installation on their device. However, this action will need users to update the Windows Registry.
Nevertheless, there is some default protection for Microsoft Office users as all Office Documents downloaded online open in Protected View or in Application Guard for MS Office.
To ensure safety, users are advised to not open any documents that may appear suspicious. Internet Explorer users are advised to refrain from visiting untrustworthy websites. Users can run a security suite to keep their device safe. As reported, a patch for this vulnerability may be available from Microsoft on September 14.