Know how Cybercriminals Exploit Windows Zero-Day Flaw: Microsoft

One of the reliable and dangerous bugs is being harmed to start the remote code execution attacks against specific targets. Microsoft has alerted that the threat actors are exploiting a previously anonymous vulnerability in Windows 10 and many Windows Server versions to seize control over the PCs when users launch a malicious document or go through a Booby-Trapped website. There is recently no official patch for the bug, but Microsoft has released suggestions for avoiding the threat.

As per the security advisory, the security flaw CVE-2021-40444 affects the “MSHTML” element of the Internet Explorer (IE) on Windows 10 and many Windows Server versions. Internet Explorer was also slowly discarded for more recent Windows browsers like Edge, but a similar vulnerable element also is utilized by the Microsoft Office application for translating web-based content.

How it is Affecting More than Office?

Though Microsoft is still researching the vulnerability, it could also prove to go further impacting just Microsoft Office documents due to the universal utilization of MSHTML on Windows, alerted by the security investigators. Even if the vulnerability does not go further Office documents, its presence, and the fact that the threat actor is already trying to exploit are disquieting enough for various organizations to take urgent action, stated by another security professional.

Basically in every month in 2021 so far, Microsoft has been forced to revert to zero-day threats targeting enormous fodder of its user base. Moreover, According to our experts was the only month so far this year that Microsoft did not update a patch to fix at least one zero-day attack in Windows or supported software.

“A threat actor could design a malicious ActiveX control to be utilized by a Microsoft Office document that hosts the browser translating engine,” Microsoft stated. “The threat actor would then have to convince the user to launch the malicious document. Users whose accounts are setting up to have fewer user rights on the system could be less affected than users who execute with administrative privileges.”

Microsoft has not yet discharged a patch for CVE-2021-40444 but states that users can avoid the attack from this bug by damaging the installation of all ActiveX controls in Internet Explorer. Microsoft states that the vulnerability is recently being utilized in addressed threats, even though its advisory credits three distinct entities with reporting the bug.

One of the investigators credited – EXPMON stated on Twitter that it had manufactured the attack on the latest Office 2019 / Office 365 on Windows 10. “The exploit utilizes the logical flaw so the exploitation is completely decent and dangerous,” EXPMON tweeted.

Windows users could see an official fix for the flaw as soon as possible when Microsoft is contracted to release its monthly “Patch Tuesday” bunch of security releases. This year became one of the toughest years for Windows users and so-called “zero day” threats, which assign to vulnerabilities that are being vigorously exploited to crack into vulnerable systems.

Mitigations and Workarounds

Microsoft has allowed some of the suggestions for the organizations affected by the vulnerability –first founded by Rick Cole of the Microsoft Security Response Center. It may arrive in the form of a Patch Tuesday fix or an out-of-band patch, relying on what the investigators founded, the company said.        

Almost all of those zero-days consist up of older Microsoft technologies or those that have been elderly, like IE11; Microsoft officially resigned the support for Microsoft Office 365 applications and services on IE11 last month. In July, Microsoft pressed out a fix for the Print Nightmare vulnerability that was present in every supported version of Windows, only to see the patch cause problems for a number of Windows users.

Know-how-Cybercriminals-Exploit-Windows-Zero-Day-Flaw-Microsoft-image1

On June’s Patch Tuesday, Microsoft addressed six zero-day security holes. And of course, in March, hundreds of thousands of organizations running Microsoft Exchange email servers found those systems compromised with backdoors thanks to four zero-day flaws in Exchange.

Leave a Reply