Microsoft finds Office files used in attack attempts

Microsoft issued a report Tuesday on an MSHTML vulnerability and targeted attacks trying to exploit the vulnerability through Office documents.

The tech giant is still investigating the vulnerability, which may require a security update through the monthly release process or an out-of-cycle update, according to the report. MSHTML, also known as Trident, is the browser engine for the Windows version of Internet Explorer.

The vulnerability allows attackers to make a malicious ActiveX control used by an Office document that hosts the browser rendering engine, according to the report. Users who open the document risk exposure.

This comes just days after Microsoft warned of a flaw in Azure that could give hackers access to data.

“Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability,” according to the report. “Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: ‘Suspicious Cpl File Execution.’

Users can disable all ActiveX controls installation in Internet Explorer to mitigate the attack, according to the report.

Kelly Yeh, president of US-based Microsoft partner Phalanx Technology Group, told CRN US in an interview that, although the vulnerability is serious, he chalks up the recent spate of vulnerabilities identified in Microsoft products — from “PrintNightmare” to “ChaosDB” and Power Apps to Microsoft Exchange Server ProxyShell — to Microsoft’s popularity for business applications.

Attackers need users to perform a lot of steps to exploit the MSHTML vulnerability, Yeh said. He tells his clients to practice basic security steps to avoid exploits, such as limiting employees’ administrative controls and resisting the impulse to open every unread email in an inbox.

“This can be mitigated really easily with user training,” Yeh said. “We call it layer eight problems — the layer between the chair and the desk is the biggest problem that IT guys always have.”

This article originally appeared at crn.comGot a news tip for our journalists? Share it with us anonymously here.

Copyright © 2018 The Channel Company, LLC. All rights reserved.

Leave a Reply

Your email address will not be published. Required fields are marked *