Word doc that could hack Microsoft computers

/in


Image of Microsoft store in New York

Microsoft has issued a warning about a new vulnerability. (Photo by Nicolas Economou/NurPhoto)

Australians are being urged to avoid certain Microsoft Office documents that have been loaded with malware that could allow hackers to take over personal devices.

Any device that operates on Microsoft Windows is currently vulnerable to this attack.

Microsoft said it was currently investigating this “remote code execution vulnerability” that potentially allows malicious actors to remotely control computers.

“Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,” Microsoft said in a .

“An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine.”

Also read:

It appears the main danger is opening the actual document, which would leave the victim exposed to having their device remotely controlled.

“The attacker would then have to convince the user to open the malicious document.”

Users who have administrative user rights are more impacted by this attack than users whose accounts are configured to have fewer rights.

To get into the technicalities, the specific name for this vulnerability is .

How do I protect myself?

According to an (ASCS), titled “ACT QUICKLY: HIGH ALERT”, Microsoft actually doesn’t have a patch yet that protects you from this.

But there are temporary mitigating measures and workarounds that can help protect you in the meantime.

This includes making sure you open documents in Protected View or Application Guard for Office, both of which Microsoft said would prevent the attack.

Meanwhile, if you use Internet Explorer, you should “disabl[e] the installation of all ActiveX controls”.

Microsoft has further instructions on how to do that .

Microsoft also said that their Defender Antivirus and Defender for Endpoint should also protect against this vulnerability.

In the meantime, keep an eye out for any suspicious documents and for security updates from Microsoft.

“Customers should keep anti-malware products up to date. Customers who utilise automatic updates do not need to take additional action,”…

Source…