Microsoft recently announced that the new version of Windows, Windows 11, will be available for free on a suitable device starting October 5. Naturally, Microsoft’s announcement caused a great stir among Windows users, but now another announcement from Microsoft has caused fear in the minds of users. According to the report, those who are using any version from Windows 7 to Windows 10, they may face a terrible cyber attack. A security loophole has been found in these versions that allows attackers to download malware into a user’s computer through malicious Office files. In a recent report, Microsoft acknowledged the error and said it was investigating.
Danger hidden in Microsoft office
In its report, Microsoft referred to this vulnerability as Level-0, which means that it is being actively used by attackers and can be considered a cause for concern for users.
Using this error with Microsoft HTML, hackers can run an arbitrary code arbitrarily from a distance to gain control over the entire system. It is known that in this case, hackers are sharing fake Microsoft Office files. These files contain a malicious ActiveX control and are automatically inserted into Internet Explorer.
Able to open a web page, and as soon as the page is opened the website is downloading malware on the victim’s computer.
Since fake documents are Office files like Word or Excel, it is not a difficult task for hackers to do. While those who do not use Word or Excel very often are less likely to have such attacks, those who use them in large quantities must take appropriate precautions to stay safe.
This recent vulnerability has been reported as CVE-2021-40444. Microsoft has stated in its report that the error has been present in all Windows Servers since 2006 and in all Windows versions from 8 to 10. Microsoft is currently investigating the issue but has yet to come up with a security patch or solution. But they have shared several tips to protect users from such attacks.
The agency said Microsoft Defender Antivirus and Microsoft Defender for Endpoint could detect and prevent the attack. It also helps users stay updated. In that case there is no need to worry about all the users who have enabled automatic updates. According to the company, Microsoft Office by default opens documents from the Internet in Protected View or Application Guard for Office. Both applications can prevent such attacks.
Microsoft has also instructed to disable all ActiveX controls in Internet Explorer so that they are disabled for all websites. Users can do this by updating the Internet Explorer registry and rebooting their system. According to the company, doing so will allow pre-installed ActiveX controls to run, but will not be affected in any way by recently discovered vulnerabilities.