Microsoft has just released a security patch that corrects a very serious vulnerability in Windows 10. It allows malicious actors to compromise the computer through a specially crafted, malicious Office document.
The vulnerability, identified as CVE-2021-40444, was disclosed in early September. At the time, Microsoft warned that it was already being actively exploited and said that it was working on a fix.
Now, after several days of analysis and testing, the Redmond company has shipped the fix. It is included in the September monthly update package, which is offered automatically to all Windows 10 customers through Windows Update.
However, the problem also affects other versions of Windows, some of them no longer in official support. Windows 8.1, Windows Server 2012, Windows Server 2016 and Windows Server 2019 receive the update through Windows Update.
Windows 7 and Windows Server 2008, on the other hand, will only get the update if they are enrolled in Microsoft's paid Extended Security Updates (ESU) program, because mainstream and extended support for these operating systems has already ended.
Since the vulnerability has a CVSS severity score of 8.8 out of 10, Microsoft recommends updating immediately. Advanced users who cannot update yet can block the known attacks with a workaround that disables the installation of ActiveX controls in Internet Explorer by modifying the Windows registry.
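The registry workaround can be applied and checked from an elevated PowerShell session. The script below is an added example and is not from the article or from Microsoft; the key path and the values it writes (1001 = download signed ActiveX controls, 1004 = download unsigned ActiveX controls, both set to 3 = Disable, in zones 0 through 3) are the ones Microsoft published in the advisory's .reg file, while the function names and the verify/undo logic are this example's own.

```powershell
# Added example (not from the article or Microsoft): apply, verify and later
# undo the published registry workaround for CVE-2021-40444. It disables the
# download of signed (1001) and unsigned (1004) ActiveX controls in the
# Internet Explorer security zones 0-3, which also covers Office documents
# that render through MSHTML. Run from an elevated PowerShell session; a
# restart is needed for the policy to take effect.

$base   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$values = @('1001', '1004')   # download signed / unsigned ActiveX controls
$zones  = 0..3                # Local Machine, Local Intranet, Trusted Sites, Internet

function Set-ActiveXWorkaround {
    # Write 3 ("Disable") for both URL actions in every zone, creating the
    # policy keys if they do not exist yet.
    foreach ($z in $zones) {
        $key = Join-Path -Path $base -ChildPath $z
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($v in $values) {
            New-ItemProperty -Path $key -Name $v -Value 3 -PropertyType DWord -Force | Out-Null
        }
    }
}

function Test-ActiveXWorkaround {
    # Returns $true only if every zone has both values set to 3; a warning
    # names the first zone/value that is missing or different.
    foreach ($z in $zones) {
        $key = Join-Path -Path $base -ChildPath $z
        foreach ($v in $values) {
            $current = (Get-ItemProperty -Path $key -Name $v -ErrorAction SilentlyContinue).$v
            if ($current -ne 3) {
                Write-Warning "Zone $z value $v is '$current', expected 3"
                return $false
            }
        }
    }
    return $true
}

function Remove-ActiveXWorkaround {
    # Revert once the September 2021 update is installed and verified.
    foreach ($z in $zones) {
        $key = Join-Path -Path $base -ChildPath $z
        foreach ($v in $values) {
            Remove-ItemProperty -Path $key -Name $v -ErrorAction SilentlyContinue
        }
    }
}

Set-ActiveXWorkaround
if (Test-ActiveXWorkaround) { 'Workaround applied; restart the machine for it to take effect.' }
```

The policy is machine-wide: it also stops legacy intranet sites and applications that install ActiveX controls through Internet Explorer, so test it on a pilot group before mass deployment, and remove it only after confirming the update is installed.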
How do the attackers who put Microsoft on alert operate?
Example of the decoy used by DEV-0413 | Credit: Microsoft
Microsoft detected targeted attacks exploiting this vulnerability in Windows 10. It is a remote code execution (RCE) flaw in MSHTML, the browser rendering engine of Internet Explorer, which Office also uses to render web content, and it was triggered from malicious Office documents.
The campaigns, Microsoft explains, started with emails posing as legal contracts and agreements. The documents, hosted on file-sharing sites, loaded a malicious ActiveX control specifically built to exploit the flaw on the victim's machine.
Microsoft also pointed out that the attack failed if the potential victim opened the file in Protected View or through Application Guard for Office. Protected View opens the document read-only in a restricted sandbox, while Application Guard isolates it in a separate secure container that is denied access to system files and resources.