Threat actors are exploiting a zero-day vulnerability in a critical Internet Explorer (opens in new tab) (IE) component to target Microsoft Office (opens in new tab) users, warn cybersecurity (opens in new tab) researchers.
The attack was detected by researchers at the exploit detection service, Expmon, who brought it to the attention of Microsoft, which has now published a security advisory on the ongoing threat.
“Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,” Microsoft warns through its advisory (opens in new tab).
- Take a look at our list of the best web browsers (opens in new tab)
- Protect your devices with these best antivirus software (opens in new tab)
- These are the best malware removal (opens in new tab) software on the market
The vulnerability, tracked as CVE-2021-40444, impacts IE’s browser engine Trident, also known as MSHTML, which also helps render browser-based content inside Microsoft Office documents.
No patch yet
According to Expmon, the vulnerability impacts the latest versions of both the offline and online instances of Microsoft Office.
“We have reproduced the attack on the latest Office 2019 / Office 365 on Windows 10 (opens in new tab) (typical user environment), for all affected versions please read the Microsoft Security Advisory. The exploit uses logical flaws so the exploitation is perfectly reliable (& dangerous),” shared Expmon (opens in new tab).
Talking about the exploitation mechanism, Microsoft says that the vulnerability is exploited via malicious ActiveX controls embedded in Office documents. However, the company hasn’t revealed any details about the nature of the zero-day, nor has it commented on the on-going attack.
This isn’t surprising since it hasn’t yet patched the zero-day, which might be addressed either during an upcoming Patch Tuesday, or through an out-of-cycle update.
In the meantime, Microsoft suggests users to disable the rendering of ActiveX content in Office documents, while Expmon urges users to avoid opening documents from unknown sources.
- Here are the best ransomware protection tools (opens in new tab)