Microsoft Fixes Windows 10 Zero-Day Exploit Triggered By Website Visit, Office Documents

UPDATE 9/15: For the September 2021 Patch Tuesday, Microsoft released fixes for 66 different vulnerabilities. As Help Net Security reports, most important of all is the inclusion of a fix for the Windows 10 zero-day exploit (CVE-2021-40444) revealed last week and detailed below.

Windows 10 users should allow Windows Update to install patches as soon as they can to ensure their system is protected from the vulnerability.


Original story 9/9:
Windows 10 users face the threat of a new zero-day exploit that allows remote code execution. The bad news is that it can be triggered simply by visiting a website or opening a malicious document in Microsoft Office.

As Krebs on Security reports, the exploit takes advantage of the MSHTML component in Internet Explorer, which may have many users breathing a sigh of relief, as they have long since switched to the Edge browser or one of the other popular alternatives. However, since the exploit uses a malicious ActiveX control, it can also be triggered using a Microsoft Office document.

Both Office 2019 and Office 365 users are vulnerable, but exploitation requires opening a malicious document, which hopefully most people won’t do. Microsoft does not yet have a patch to address the vulnerability, but its advisory suggests a few workarounds.

For anyone still using Internet Explorer, Microsoft suggests disabling the installation of ActiveX controls. This does, however, require editing the Windows registry, which not everyone will be comfortable doing. Instructions are provided in the advisory. Office users have some protection by default because documents from the Internet are opened in Protected View or Application Guard for Office.

The usual tips will keep you safe. Do not open documents unless you are sure they are safe, and do not visit websites that you do not fully trust. Running a good security suite will also help protect your system, and, of course, stop using Internet Explorer. Microsoft likely won’t release the patch for this exploit until September 14 (the next Patch Tuesday).
