Cybersecurity

Cybersecurity Threat Advisory: Office 365 Zero-Day Attacks

Mike Beagles
Mike Beagles September 14, 2021 2 min read

Microsoft released a mitigation for a vulnerability that exists in the Windows 10 operating system that can be exploited against Office 365 and Office 2019. Identified as CVE-2021-40444, this vulnerability could allow attackers to execute arbitrary code on a device if exploited. Because Microsoft Office is used and trusted by millions worldwide, attackers potentially could launch very-large-scale attacks; accordingly, this vulnerability has a severity rating of 8.8 out of 10. Recommendations from Mission Critical Partners to prevent devices from becoming susceptible to this vulnerability are below.

Technical Detail & Additional Information

What is the Threat?

CVE-2021-40444 – Remote Code Execution Vulnerability

This vulnerability consists of a flaw in MSHTML, a software component used by Windows 10 to render web pages. It could allow cyberattackers to execute potentially malicious arbitrary commands or code on a device. This attack largely has been exploited through phishing campaigns whereby attackers will convince an end user to open a specially crafted malicious Microsoft Office document.

Why is it Noteworthy?

Thousands of individuals and government entities use and trust Microsoft and Windows products. Microsoft products are key to everyday business across the globe, and their popularity has made them a frequent target for cyberattackers looking for a wide scope of potential targets. It is very important to take any recommendations released by Microsoft seriously and keep these devices/services updated regularly. This is a major step toward preventing vulnerabilities from being exploited.

What is the Exposure or Risk?

Any vulnerability that has to do with Microsoft devices or services always comes with significant cause for concern, because so many Microsoft devices are integrated into everyday operations. This particular zero-day exploit potentially could allow attackers to execute remote code. This could lead to several possible compromises, such as denial-of-service attacks, the deletion or creation of files, and even complete system compromises. Many companies rely on sensitive data stored on their Windows machines remaining private and being able to use these machines to conduct everyday business. This vulnerability puts these expectations at potential risk if it is exploited by cyberattackers, so it is very important to ensure that Microsoft’s recommendations are followed.

What are the Recommendations?

This vulnerability can be exploited on:

  • Window Server 2008 through 2019
  • Windows 8.1 through 10

According to Microsoft, this vulnerability cannot be exploited if Microsoft is configured to open documents from the internet in Protected View mode or Application Guard for Office 365. This is the default configuration for all Windows devices.

Users should apply the Windows registry update, which makes downloaded ActiveX controls inactive, while keeping existing ActiveX controls in place and functioning.

More information on how to apply these remediations can be found in the links below.

References

For more in-depth information about the recommendations, please visit the following links:

If you are looking for guidance, please reach out. MCP offers a comprehensive cybersecurity solutions suite that is designed specifically for public-safety and justice entities and other critical-infrastructure organizations, to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy. Contact us today to learn more.

Don't forget to share this post!

Mike Beagles
Mike Beagles
Mike has specialized experience with supporting public safety agencies by providing technical expertise, strategic planning and general consulting for new and innovative mission critical technologies as well as legacy solutions. Throughout his long-standing career, he has worked as a technical service manager and network engineer for several public safety software companies, as well as an IT manager with a mid-tier public safety 911/ CAD/RMS/Mobile software provider. His expertise runs deep in team and project management for large and small projects, which he has done for more than 12 years.

Related posts

Next Generation 911 Networks Cybersecurity IT and Network Support Utilities Law Enforcement Criminal Justice 911 and Emergency Communications Centers

If You Do Nothing Else, Implement Multifactor Authentication to Head Off Cyberattacks

May 28, 2020
Mike Beagles
Cybersecurity

Cybersecurity Threat Advisory: Black Basta Ransomware Group Threat

June 27, 2022
Mike Beagles
Cybersecurity Network Management IT and Network Support

Cybersecurity Threat Advisory: Microsoft’s Patch Critical RCE Flaws

September 18, 2020
Mike Beagles