Microsoft admits a new zero-day vulnerability threatens millions of Windows users
According to Microsoft, this new zero-day vulnerability affects all versions of Windows from Windows 7 to Windows 10 and corresponding versions of Windows Server.
Microsoft has just acknowledged a Windows zero-day vulnerability in MSHTML that allows hackers to execute code remotely if exploited successfully. This vulnerability affects all versions of Windows from Windows 7 to Windows 10 and corresponding versions of Windows Server.
Currently, Microsoft is tracking the vulnerability under the codename CVE-2021-40444 and further claims that hackers will exploit the vulnerability by distributing malicious Office documents. According to the CVE scale, the new vulnerability has a severity level of 8.8.
In more detail, Microsoft says hackers can create an ActiveX control using Office's MSHTML browser rendering engine. When the user opens it, it triggers a remote code execution attack.
However, users who use the default option to open files from the internet via Protected View or via Application Guard for Office will not be attacked. Furthermore, according to Microsoft, Defender Antivirus and Defender for Endpoint can also successfully detect threats.
Another solution that Microsoft offers is to turn off all settings related to ActiveX controls through the Registry Editor. This change does not affect installed controls.
Here's how to disable an ActiveX control:
- Open Notepad
- Copy the following lines and paste in Notepad
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsCurrentVersionInternet SettingsZones] "1001"=dword:00000003 "1004"=dword:00000003 [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsCurrentVersionInternet SettingsZones1] "1001"=dword:00000003 "1004"=dword:00000003 [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsCurrentVersionInternet SettingsZones2] "1001"=dword:00000003 "1004"=dword:00000003 [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsCurrentVersionInternet SettingsZones3] "1001"=dword:00000003 "1004"=dword:00000003- Save the Notepad file as a .reg . file
- Double click on the saved file to apply the changes to the Registry
- Restart the machine
Note: If you do the above operations, 3 new keys will be created in Registry Editor. To re-open the ActiveX control you will have to find and delete the keys you just created.
Microsoft is currently investigating and will take appropriate action when it completes its assessment of this vulnerability. Most likely in the near future Microsoft will release a patch or permanent damage reduction for it.
You should read it
- 'Printer Catastrophe' Vulnerability Threatens All Versions of Windows
- How to fix BlueKeep security error for Windows 2003, Windows XP, Windows 7, Windows Server 2008
- Detects a vulnerability that threatens all Windows computers shipped from 2012 up to now
- New zero-day vulnerability warning in Windows Search, Windows protocol nightmare getting worse
- Windows 7 users need to install Microsoft patches immediately to fix BlueKeep security errors
- There is a new zero-day vulnerability in Windows
- Google has reported a zero-day vulnerability that has just appeared in Windows 7, Microsoft has not yet released a patch
- Microsoft has released a critical update for Windows 10, users need to update now
- Microsoft fixes a serious vulnerability that has existed for 17 years in Windows Server
- Hacker revealed the second Zero-Day, broke Windows' EoP vulnerability patch
- Detecting zero-day vulnerability in the Dropbox 10 Windows app, users pay attention!
- Steps to fix PrintNightmare vulnerability on Windows 10
Maybe you are interested
Enable or disable Secure Boot via the ASUS UEFI BIOS utility How to temporarily lock the computer when entering the wrong password many times How to Add a Password to a .Bat File How to use ASCII characters to create strong passwords How to prevent DDoS attack with Nginx Techniques to exploit buffer overflows: Organize memory, stack, call functions, shellcode