Microsoft, CISA urge Mitigations for Zero-Day RCE Flaw in Windows


Both Microsoft and federal cybersecurity officials are urging organizations to apply mitigations against a zero-day remote code execution (RCE) vulnerability in Windows that attackers are exploiting through maliciously crafted Microsoft Office documents.

Microsoft has not revealed much about the MSHTML bug, tracked as CVE-2021-40444, beyond that it is “aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,” according to an advisory released Tuesday.

The vulnerability allows an attacker to craft a malicious ActiveX control that is used by a Microsoft Office document hosting the browser rendering engine, according to Microsoft.

The attacker would then have to convince the user to open the malicious document for an attack to be successful, the company said. Moreover, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights, according to the advisory.

Though Microsoft is still investigating the vulnerability, it could prove to go beyond affecting just Microsoft Office documents due to the ubiquitous use of MSHTML on Windows, warned Jake Williams, co-founder and CTO at incident response firm BreachQuest.

Malicious Office documents are a popular tactic with cybercriminals and state-sponsored threat actors, and the vulnerability gives them “more direct exploitation, of a system, than the usual tricking users to disable security controls,” observed John Bambenek, principal threat hunter at digital IT and security operations firm Netenrich.

Microsoft has offered some advice for organizations affected by the vulnerability (first discovered by Rick Cole of the Microsoft Security Response Center, Haifei Li of EXPMON, and Dhanesh Kizhakkinan, Bryce Abdo and Genwei Jiang of Mandiant) until it can offer its own security update. That may come in the form of a Patch Tuesday fix or an out-of-band patch, depending on what researchers discover, the company said.

Until then, customers should keep anti-malware products up to date, though those who use automatic updates don't need to take action now, Microsoft said. Enterprise customers who manage updates themselves should select detection build 1.349.22.0 or newer and deploy it across their environments, the company added.

Workarounds for the flaw include disabling the installation of all ActiveX controls in Internet Explorer, which mitigates the attack, according to Microsoft.

“This can be accomplished for all sites by updating the registry,” the company said in its advisory. “Previously-installed ActiveX controls will continue to run, but do not expose this vulnerability.”

However, Microsoft warned organizations to take care when using the Registry Editor, because doing so incorrectly can “cause serious problems that may require you to reinstall your operating system.” “Use Registry Editor at your own risk,” the company advised.
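The two interim measures the article describes (a current Defender detection build and the ActiveX-download registry workaround) are things an administrator will want to verify across a fleet rather than apply blindly. The following PowerShell audit script is an added example, not code from the article or from Microsoft's advisory. It assumes Microsoft Defender is the installed anti-malware product (so `Get-MpComputerStatus` is available) and that the workaround is applied through the standard Internet Explorer zone policy keys, where URL actions `1001` (download signed ActiveX controls) and `1004` (download unsigned ActiveX controls) are set to `3` (Disable) in zones 0 to 3; those key names and values come from general Windows documentation, not from the article, and the script only reads them.

```powershell
# Added example: audit a Windows host for the two mitigations the article describes.
# Read-only; it changes nothing. Run in an elevated PowerShell session.
# Assumptions (not from the article): Defender is the AV product, and the ActiveX
# workaround lives under the standard IE zone policy keys, where URL actions 1001
# (download signed ActiveX) and 1004 (download unsigned ActiveX) use 3 = Disable.
# Zones 0-3 are Local Machine, Local Intranet, Trusted Sites and Internet.

$RequiredSignatureVersion = [version]'1.349.22.0'   # detection build named in the advisory
$ZonePolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ActiveXActions = @('1001', '1004')

function Test-DefenderSignatureCurrent {
    # Compare the installed Defender signature version against the required build.
    $status    = Get-MpComputerStatus -ErrorAction Stop
    $installed = [version]$status.AntivirusSignatureVersion
    [pscustomobject]@{
        Installed = $installed
        Required  = $RequiredSignatureVersion
        Compliant = ($installed -ge $RequiredSignatureVersion)
    }
}

function Test-ActiveXDownloadDisabled {
    # Emit one row per zone/action pair; Mitigated is true only when the value is 3.
    foreach ($zone in 0..3) {
        $key = Join-Path $ZonePolicyRoot $zone
        foreach ($action in $ActiveXActions) {
            $value = $null
            if (Test-Path $key) {
                $value = (Get-ItemProperty -Path $key -Name $action -ErrorAction SilentlyContinue).$action
            }
            [pscustomobject]@{
                Zone      = $zone
                Action    = $action
                Value     = $value          # $null means the policy value is absent
                Mitigated = ($value -eq 3)
            }
        }
    }
}

$sig = Test-DefenderSignatureCurrent
$sigState = if ($sig.Compliant) { 'OK' } else { 'OUTDATED' }
Write-Host ("Defender signatures {0} (required {1}): {2}" -f $sig.Installed, $sig.Required, $sigState)

$zones = Test-ActiveXDownloadDisabled
$zones | Format-Table -AutoSize
if ($zones.Mitigated -contains $false) {
    Write-Warning 'ActiveX download is not disabled in every zone; the registry workaround is not fully applied.'
}
```

A missing value (`$null`) is reported as not mitigated on purpose: an absent policy value means the zone falls back to its default, which is not the hardened setting. If a third-party anti-malware product is in use, replace `Test-DefenderSignatureCurrent` with that product's own version check; the zone audit is independent of it.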
Comments

Keep going. Top 3 fav channels right now, you deserve more with your knowledge and composure!!

dual