SKOUT Threat Advisory 0061-21:
Office 365 Zero-Day Attacks
Our partners at SKOUT Cybersecurity have alerted us to this current threat.
Microsoft has released a mitigation for a vulnerability that exists on Windows 10 and can be exploited against Office 365 and Office 2019. Identified as CVE-2021-40444, this vulnerability could allow attackers to execute arbitrary code on a device if exploited. Because Microsoft Office is used and trusted by millions worldwide, attackers could potentially launch very large-scale attacks, and this vulnerability has a severity rating of 8.8 out of 10. SKOUT has attached recommendations below to help prevent devices from becoming susceptible to this vulnerability.
Technical detail and additional information
WHAT IS THE THREAT?
CVE-2021-40444 – Remote Code Execution Vulnerability
This vulnerability exists on Windows 10 and can be exploited against Office 365 and Office 2019. It is a flaw in MSHTML (the browser rendering engine), and it could allow attackers to execute arbitrary, potentially malicious commands or code on a device. It has largely been exploited through phishing campaigns in which attackers convince an end user to open a specially crafted malicious Microsoft Office document.
WHY IS IT NOTEWORTHY?
Thousands of individuals and businesses use and trust Microsoft and Windows products. Microsoft products are key to everyday business across the globe, and their popularity has made them a frequent target for attackers looking for a wide scope of potential targets. It is very important to take any recommendations released by Microsoft seriously and keep these devices/services updated regularly. This is a major step in preventing vulnerabilities from being exploited.
WHAT IS THE EXPOSURE OR RISK?
Any vulnerability in Microsoft devices or services is cause for concern, as so many Microsoft devices are integrated into everyday business. This zero-day exploit in particular could potentially allow attackers to execute remote code. This could lead to several possible compromises, such as denial-of-service attacks, the deletion or creation of files, and even complete system compromise. Many companies rely on the sensitive data stored on their Windows machines remaining private, and on being able to use these machines to conduct everyday business. This vulnerability puts these expectations at potential risk if it is exploited by attackers, so it is very important to ensure Microsoft’s recommendations are followed.
WHAT ARE THE RECOMMENDATIONS?
For more in-depth information about the recommendations, please visit the following links: