How to mitigate the Microsoft Office zero-day attack

Follow this advice to block malicious Office files from doing harm to your network even if you've implemented Microsoft's recommended actions.


Once again attackers have used Office files in targeted attacks against Microsoft users. This time they used the Windows Explorer preview pane to deliver malicious .doc, .docm, and .docx files. Researchers have found that malicious .rtf files can also be used in such attacks. For this exploit, an attacker crafts a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine.

The attacker must convince a user to open the malicious document. So, your first line of defense is an educated user who doesn’t blindly open unexpected files. In addition, Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protection for the known vulnerability. Your antivirus tools may already include detections for this exploit as well.

Microsoft is tracking this vulnerability as CVE-2021-40444. Even when it’s fixed, don’t let your guard down. Instead, I recommend you keep one key protection in place that many of us are probably not using to protect ourselves from malicious Office files, including those used in this most recent exploit.

Microsoft Defender Attack Surface Reduction rules
