Microsoft Finds Attack Attempts With Office Files
Microsoft issued a report Tuesday on an MSHTML vulnerability and on targeted attacks that attempt to exploit it through Office documents.
The Redmond, Wash.-based tech giant is still investigating the vulnerability, which may require a security update through the monthly release process or an out-of-cycle update, according to the report. MSHTML, also known as Trident, is the browser engine for the Windows version of Internet Explorer.
The vulnerability allows attackers to craft a malicious ActiveX control for use by an Office document that hosts the browser rendering engine, according to the report. Users who open the document risk exposure.
“Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability,” according to the report. “Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: ‘Suspicious Cpl File Execution.’”
Users can disable the installation of all ActiveX controls in Internet Explorer to mitigate the attack, according to the report.
Kelly Yeh, president of Chantilly, Va.-based Microsoft partner Phalanx Technology Group, told CRN in an interview that, although the vulnerability is serious, he chalks up the recent spate of vulnerabilities identified in Microsoft products -- from “PrintNightmare” to “ChaosDB” and Power Apps to Microsoft Exchange Server ProxyShell -- to Microsoft’s popularity for business applications.
Attackers need users to perform a lot of steps to exploit the MSHTML vulnerability, Yeh said. He tells his clients to practice basic security steps to avoid exploits, such as limiting employees’ administrative controls and resisting the impulse to open every unread email in an inbox.
“This can be mitigated really easily with user training,” Yeh said. “We call it layer eight problems -- the layer between the chair and the desk is the biggest problem that IT guys always have.”