The zero-day vulnerability in Internet Explorer may be considerably more severe than previously anticipated.
According to experts, it is best not to open documents from strangers.
After seeing public exploits for the recently discovered MSHTML zero-day vulnerability, cybersecurity researchers have become even more alarmed by new information about the issue.
Microsoft has reported a vulnerability in Trident, Internet Explorer’s browser engine, commonly known as MSHTML, which is also used to render browser-based content in Microsoft Office documents. The issue is tracked as CVE-2021-40444.
Microsoft was careful not to provide too many specifics about the issue, which has not yet been fixed. Security researchers, on the other hand, have been more open after examining malicious Office documents that were used in real-world campaigns.
Extreme caution should be exercised.
In an ideal world, Microsoft Office’s “Protected View” feature would be sufficient to prevent the vulnerability from being exploited, because it is applied to documents that are downloaded from the internet.
Will Dormann, a vulnerability expert at BleepingComputer, told BleepingComputer that there are numerous ways for a malicious document to get past Protected View by hiding the fact that it was downloaded from the internet. For example, documents opened from within containers such as zipped archives or ISO files are treated as though they were local files.
Furthermore, Dormann revealed that this vulnerability may be exploited in RTF files as well, which do not benefit from the safeguards provided by the Protected View feature.
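The two gaps Dormann describes can be checked for at a mail or download gateway. The following is an added example, not code from Microsoft or the researchers quoted here: it identifies attachments by content rather than extension and flags RTF files, ISO images, and Office documents nested inside ZIP archives. The names `kind`, `triage` and `make_zip`, the recursion depth and the size cap are assumptions, and the sample files are constructed.

```python
import io
import zipfile

RTF_MAGIC = b"{\\rtf"
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container
ISO_MAGIC, ISO_OFFSET = b"CD001", 0x8001       # ISO 9660 volume descriptor

def kind(data):
    """Classify by content; the file extension is chosen by the sender."""
    if data[:64].lstrip().startswith(RTF_MAGIC):
        return "rtf"
    if data.startswith(OLE_MAGIC):
        return "office"
    if data[ISO_OFFSET:ISO_OFFSET + 5] == ISO_MAGIC:
        return "iso"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            # OOXML documents (.docx etc.) are ZIPs that carry this part
            return "office" if "[Content_Types].xml" in z.namelist() else "zip"
    return "other"

def triage(name, data, depth=0):
    """Return a list of findings; an empty list means nothing was flagged."""
    k = kind(data)
    if k == "rtf":
        return [f"{name}: RTF, not covered by Protected View"]
    if k == "iso":
        return [f"{name}: ISO image, contents open as local files"]
    if k == "office" and depth > 0:
        return [f"{name}: Office document inside a container"]
    findings = []
    if k == "zip" and depth < 3:  # assumed bound on nested archives
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for info in z.infolist():
                if not info.is_dir() and info.file_size <= 20_000_000:  # assumed cap
                    findings += triage(f"{name}!{info.filename}", z.read(info), depth + 1)
    return findings

def make_zip(members):
    # Helper used only to build the constructed samples below
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for member_name, content in members.items():
            z.writestr(member_name, content)
    return buf.getvalue()

# Constructed samples: a minimal OOXML-shaped file and an archive wrapping it
DOCX = make_zip({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w/>"})
BUNDLE = make_zip({"invoice.docx": DOCX, "notes.txt": b"hi"})
print(triage("bundle.zip", BUNDLE))
```

A document attached directly (`triage("report.docx", DOCX)`) is not flagged, since that is the case Protected View is meant to cover; ISO members are not enumerated because the standard library has no ISO 9660 reader.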
While Microsoft has not yet released a fix to address the issue, it has released mitigations that prevent documents from processing ActiveX content, making the attack more difficult to execute.
It’s not much use, though, because security researcher Kevin Beaumont has already identified a way to circumvent Microsoft’s mitigation measures and still exploit this issue.
It is recommended that you avoid opening documents from unknown sources until Microsoft has patched the issue.