Microsoft patches a zero-day exploit involving Office files
Microsoft’s latest update addresses a number of security vulnerabilities. One of these is a critical zero-day exploit that hackers actively used to send Office files containing malicious ActiveX controls.
Microsoft warned about the flaw a few days ago after being notified by security researchers. They discovered that criminals were tricking victims into opening Office files which would launch a page on Internet Explorer. This page contained an ActiveX control that would then trigger a malware download onto the victim’s computer.
Users were previously asked to make sure that Microsoft Defender Antivirus or Microsoft Defender are switched on as there was no fix at the time. Microsoft also advised users to disable all ActiveX controls for Internet Explorer.
You must install the latest update for your Windows machine which makes sure the flaw can no longer be exploited. It also fixes a number of remote code execution vulnerabilities with this roll out.
September 16, 2021
September 14, 2021