In its report, Microsoft acknowledged the vulnerability to be a level 0, meaning that it is being actively exploited by attackers and is considered a “highest priority” risk for users. As for what it is, the security risk lies in Microsoft HTML, which allows remote code execution by an attacker.
The attacker shares a specially crafted Microsoft Office file with the target. This file contains a malicious ActiveX control. The ActiveX control automatically opens the attacker’s web page in Internet Explorer. Once Internet Explorer is open, the website downloads malware onto the victim’s computer.
All an attacker has to do is convince the user to open the malicious document.
Since these documents are Office files like Word or Excel, users can easily get tricked into opening them, assuming they have something important to share.
Microsoft is currently investigating the reports of the vulnerability and its exploitation and is yet to roll out a security patch. However, it has shared some mitigation methods to prevent an attack that exploits the vulnerability.
1. Microsoft Defender Antivirus and Microsoft Defender for Endpoint can both detect and prevent the attack. Keep them updated and running.
2. Install ‘Protected View’ or ‘Application Guard for Office’. MS Office will then open documents from the internet in ‘Protected View’ or ‘Application Guard’ by default. Both applications can prevent the attack.
3. Disable all ActiveX controls in Internet Explorer. You can do this by updating Internet Explorer’s registry and rebooting your system. Once it is done, previously installed ActiveX controls will continue to run but will not expose this vulnerability.
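To check whether the registry change in step 3 is actually in place on a machine, the following PowerShell script is an added example; it is not taken from this article or from Microsoft. It assumes the machine-wide Internet Settings policy key and the standard URL actions 1001 and 1004 (download of signed and unsigned ActiveX controls, where 3 means disallow), none of which the article spells out.

```powershell
# Added example: audit (and optionally enforce) the ActiveX-download policy per IE zone.
# Assumption: the article does not list registry values. This uses the standard URL
# actions 1001 (download signed ActiveX) and 1004 (download unsigned ActiveX); 3 = disallow.
[CmdletBinding()]
param([switch]$Apply)   # without -Apply the script only reports

$base     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones    = [ordered]@{ '0' = 'Local Machine'; '1' = 'Intranet'; '2' = 'Trusted Sites'; '3' = 'Internet' }
$actions  = [ordered]@{ '1001' = 'Download signed ActiveX'; '1004' = 'Download unsigned ActiveX' }
$disallow = 3

$report = foreach ($zone in $zones.Keys) {
    $key = Join-Path $base $zone
    foreach ($action in $actions.Keys) {
        # A missing key or value means no machine policy is set for this action.
        $current = $null
        if (Test-Path $key) {
            $current = (Get-ItemProperty -Path $key -Name $action -ErrorAction SilentlyContinue).$action
        }
        # Writing requires an elevated session; only done when -Apply is given.
        if ($Apply -and $current -ne $disallow) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name $action -Value $disallow -PropertyType DWord -Force | Out-Null
            $current = $disallow
        }
        [pscustomobject]@{
            Zone     = "$zone ($($zones[$zone]))"
            Action   = "$action ($($actions[$action]))"
            Value    = if ($null -eq $current) { 'not set' } else { $current }
            Disabled = ($current -eq $disallow)
        }
    }
}

$report | Format-Table -AutoSize
if ($report.Disabled -contains $false) {
    Write-Warning 'ActiveX download is not disabled in every zone. Re-run elevated with -Apply, then reboot.'
}
```

Run without arguments, the script only reads the policy keys, so it can be used across a fleet to find machines where the mitigation is missing.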