Microsoft warns of zero-day attacks using Office documents on Windows

On September 7 (local time), Microsoft released a warning about a zero-day attack using Microsoft Office documents on Windows. Due to a vulnerability known as CVE-2021-40444, when an attacker-provided office document is opened, Internet Explorer creates a malicious ActiveX control and becomes infected with malicious code. Affected are Windows Server, Windows 7, and Windows 10 since 2008, with a severe level score of 8.8 out of 10.

Microsoft has not yet released a patch for this vulnerability, but Microsoft Defender Antivirus and Microsoft Defender for Endpoint are able to detect the attack and prevent infection. In this case, it is said that a warning is displayed as a suspicious Cpl file execution.

Another workaround is to disable all ActiveX controls in Internet Explorer and disable ActiveX on all websites. The Microsoft security warning also describes how to manipulate the registry. For several years, Microsoft has been pushing the edge transition to Internet Explorer as a solution to technical problems. Related information can be found here.



Through the monthly AHC PC and HowPC magazine era, he has watched 'technology age' in online IT media such as ZDNet, electronic newspaper Internet manager, editor of Consumer Journal Ivers, TechHolic publisher, and editor of Venture Square. I am curious about this market that is still full of vitality.

Add comment

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.

Most discussed

%d 블로거가 이것을 좋아합니다: