Microsoft Hack Attack Exploiting Windows Zero-Day Flaw

43
SHARE

Microsoft has issued a security update about a new malware vulnerability that exploits the Windows Zero-Day flaw. Users are urged to watch out for certain Microsoft Office docs that are infected with malware. Once they are opened hackers can take over your personal devices.

Microsoft reports that it is investigating this “remote code execution vulnerability,” also known as CVE-2021-40444.

So far in 2021, Microsoft has been busy responding to emerging Zero-Day threats that attack Windows or supported software. And impact large numbers of its user base. With every hack attack, a patch is developed to fix the exploitation.

Signup for the USA Herald exclusive Newsletter

Zero-Day Flaw widespread

Microsoft revealed that from October 2020 to February 2021 its servers were being attacked by Chinese hackers.

The malware hacker gang Hafnium is a Chinese state-sponsored group. They used Zero-Day flaws to exploit the Microsoft email system. And gained access to devices and computers.

The hackers were able to write files, execute code and get access to the Microsoft Windows operating system.

Microsoft investigated. And so did other major security organizations. The MIT Technology Review reported. “Google runs some of the most venerated cybersecurity operations on the planet: its Project Zero team, for example, finds powerful undiscovered security vulnerabilities, while its Threat Analysis Group directly counters hacking backed by governments, including North Korea, China, and Russia.”

Older, sometimes retired Microsoft technology has the greatest potential to have a Zero-Day flaw potential. And in June a patch was created to address six zero-day security holes. 

Retired Microsoft support for Microsoft Office 365 services and apps IE11 had issues. And the Print Nightmare vulnerability was present in all supported versions of Windows.

Office documents at risk

The security update describes the current threat. “Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine.”

The minute you open the malware-infected document you are at risk of having your device remotely controlled. And it appears that users who have administrative user rights are hit harder. 

What can you do?

The bad news is Microsoft hasn’t developed a patch yet to protect your system. And the good news is here are some temporary measures and workarounds to protect you until the fix is ready.

  • Make sure you open all your documents in Protected View or Application Guard for Office.
  • If you are using Internet Explorer, “disable the installation of all ActiveX controls”.
  • Microsoft Defender Antivirus and Defender for Endpoint should also give you protection.
  • Be alert for any suspicious documents. And look for future security updates from Microsoft.

“Customers should keep anti-malware products up to date. Customers who utilize automatic updates do not need to take additional action,” according to the Microsoft update.

“This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.”