Microsoft is warning Office users to be on guard against unknown or suspicious files because they can attack computers running Windows…
Microsoft has issued a warning about attackers who are actively exploiting a remote code execution vulnerability via malicious Office files. The susceptibility known as CVE-2021-40444 affects Windows Servers from version 2008 and Windows 7 through 10. Hackers send potential victims an infected Office file. If opened, it automatically launches Internet Explorer, which has an ActiveX control that downloads malware onto the victim’s computer.
Microsoft Issues a Warning about Office Files Containing Malicious Code
Microsoft says cybersecurity experts report the method is 100% reliable. All it takes to infect a Windows system is for a victim to merely open the corrupted file. Some of the malicious files already identified were .DOCX documents. However, there are probably other file types cleverly disguised to look legitimate and fool people into opening them without any suspicion.
The software giant says that Microsoft Defender Antivirus and Microsoft Defender for Endpoint can both detect the vulnerability and prevent infection. This means people need to keep both security programs up-to-date in order to stay protected.