Microsoft doesn't seem to get it; they are the biggest reason hacking campaigns are as successful and widespread as they are.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
Getting the update on my machines now. Also read the article on BC. KB5005565 is stated as a fix for the issue, but I will, as always, follow and keep ears to the ground about it. Criminals always find a way to stay ahead of the game, it seems. Nevertheless, kudos to MS for standing tall and getting this fix out.
SA
According to Sergiu Gatlan's 14-Sep-2021 BleepingComputer article "Microsoft Fixes Windows CVE-2021-40444 MSHTML Zero-Day Bug", a bug fix was included in today's September 2021 Patch Tuesday updates.
"Microsoft has released security updates to address this vulnerability," the company said today in an advisory update published as part of this month's Patch Tuesday.
Exploits are now active in the wild, being sold on hacker forums. MS bandaids are being bypassed.
https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-exploits-shared-on-hacking-forums/
SA
Indeed, fingers crossed!! MS should make whatever they currently have as a priority and re-prioritize this issue to business critical.
Susan Bradley posted some additional information yesterday (10-Sep-2021) on the AskWoody site at "Zero Day CVE 2021-40444". Fingers crossed a permanent fix is included with the next Patch Tuesday updates on 14-Sep-2021.
So much for "protected view": https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/
This is as serious as it gets. I resound my statement in the first post.
Microsoft doesn't seem to get it; they are the biggest reason hacking campaigns are as successful and widespread as they are.
SA
SoulAsylum: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
From Ionut Ilascu's 07-Sep-2021 article "Microsoft Shares Temp Fix for Ongoing Office 365 Zero-day Attacks":
"Microsoft today shared mitigation for a remote code execution vulnerability in Windows that is being exploited in targeted attacks against Office 365 and Office 2019 on Windows 10....
...However, the attack is thwarted if Microsoft Office runs with the default configuration, where documents from the web are opened in Protected View mode or Application Guard for Office 365. Protected View is a read-only mode that has most of the editing functions disabled, while Application Guard isolates untrusted documents, denying them access to corporate resources, the intranet, or other files on the system.
Systems with active Microsoft’s Defender Antivirus and Defender for Endpoint (build 1.349.22.0 and above) benefit from protection against attempts to exploit CVE-2021-40444..."
Similar mitigations are discussed in the MS MSRC document for CVE-2021-40444 referenced by SoulAsylum. I launched my MS Word 2019 and went to File | Options | Trust Center | Trust Center Settings | Protected View to confirm that I am using the default settings for Protected View. Those same Trust Center options could be viewed from other MS Office products like MS Excel, MS Outlook, etc. in addition to my MS Word.
-----------
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H1 build 19043.1165 * Firefox v92.0.0 * Microsoft Defender v4.18.2108.7 (v1.349.381.0 defs) * Malwarebytes Premium v4.4.5.130-1.0.1430 * MS Office Home and Business 2019 C2R v2108 (build 14326.20238)
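The Trust Center check described in the post above can also be read from the registry, which helps when auditing more than one profile or machine. The PowerShell below is an added example, not part of the original thread or of Microsoft's advisory; it assumes Office 2016/2019/365 (registry version 16.0) and the standard Protected View value names under the current user's hive.

```powershell
# Added example: audit Protected View settings for Office 2016/2019/365 (registry version 16.0).
# A value of 1 means Protected View is turned OFF for that source; missing or 0 is the default (ON).
$apps     = 'Word', 'Excel', 'PowerPoint'
$settings = [ordered]@{
    DisableInternetFilesInPV   = 'Files originating from the Internet'
    DisableUnsafeLocationsInPV = 'Files in potentially unsafe locations'
    DisableAttachmentsInPV     = 'Outlook attachments'
}
# Per-user Trust Center setting first, then the Group Policy location that overrides it.
$roots = 'HKCU:\Software\Microsoft\Office\16.0',
         'HKCU:\Software\Policies\Microsoft\Office\16.0'

$report = foreach ($app in $apps) {
    foreach ($name in $settings.Keys) {
        $value  = $null
        $source = 'default (not set)'
        foreach ($root in $roots) {
            $key  = Join-Path $root "$app\Security\ProtectedView"
            $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            # The policy hive is read last, so a policy value replaces the user value.
            if ($null -ne $prop) { $value = $prop.$name; $source = $key }
        }
        [pscustomobject]@{
            App           = $app
            Category      = $settings[$name]
            ProtectedView = if ($value -eq 1) { 'DISABLED' } else { 'Enabled' }
            SetBy         = $source
        }
    }
}

$report | Format-Table -AutoSize

# Flag anything that differs from the default configuration the advisory relies on.
$weak = @($report | Where-Object ProtectedView -eq 'DISABLED')
if ($weak.Count) {
    Write-Warning "$($weak.Count) Protected View setting(s) differ from the default."
}
```

Run it in the context of the user whose Office profile is being checked, since all of these values live under HKCU.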
I use Office, basically just Word and Outlook for an email client. But NO, Microsoft isn't telling us about this at all until it's forced on them to at least acknowledge it. These issues are being discovered by other security experts in the most basic sense and are persistent. The latest MS can fetch is how Windows 11 and their over-the-top hardware requirements will help prevent these. I doubt that in a serious way. It's a software issue baked into the OS and how it uses outdated source code over and over again. IF there is any saving grace with this particular issue, it is that user interaction is required, aka opening a malformed Office document. We all know too well there are far too many users out there who are click-happy and always ready to put the blame elsewhere for the consequences that follow. I hope everyone reading this will pass it along far and wide to prevent those "happy clickers" from a mistake that will have dire consequences.
SA
Glad I don't use Office any more -- but at least Microsoft do tell you?