MCP Insights by Mission Critical Partners

Cybersecurity Threat Advisory: Office 365 Zero-Day Attacks

Written by Mike Beagles | September 14, 2021

Microsoft released a mitigation for a vulnerability that exists in the Windows 10 operating system and can be exploited against Office 365 and Office 2019. Identified as CVE-2021-40444, this vulnerability could allow attackers to execute arbitrary code on a device if exploited. Because Microsoft Office is used and trusted by millions worldwide, attackers could potentially launch very large-scale attacks; accordingly, this vulnerability has a severity rating of 8.8 out of 10. Recommendations from Mission Critical Partners to prevent devices from becoming susceptible to this vulnerability are below.

Technical Detail & Additional Information

What is the Threat?

CVE-2021-40444 – Remote Code Execution Vulnerability

This vulnerability consists of a flaw in MSHTML, a software component used by Windows 10 to render web pages. It could allow cyberattackers to execute potentially malicious arbitrary commands or code on a device. The flaw has largely been exploited through phishing campaigns in which attackers convince an end user to open a specially crafted, malicious Microsoft Office document.

Why is it Noteworthy?

Thousands of individuals and government entities use and trust Microsoft and Windows products. Microsoft products are key to everyday business across the globe, and their popularity has made them a frequent target for cyberattackers looking for a wide scope of potential targets. It is very important to take any recommendations released by Microsoft seriously and keep these devices/services updated regularly. This is a major step toward preventing vulnerabilities from being exploited.

What is the Exposure or Risk?

Any vulnerability affecting Microsoft devices or services is a significant cause for concern, because so many Microsoft devices are integrated into everyday operations. This particular zero-day exploit could potentially allow attackers to execute remote code. This could lead to several possible compromises, such as denial-of-service attacks, the deletion or creation of files, and even complete system compromise. Many companies rely on the sensitive data stored on their Windows machines remaining private and on being able to use these machines to conduct everyday business. This vulnerability puts these expectations at risk if it is exploited by cyberattackers, so it is very important to ensure that Microsoft’s recommendations are followed.

What are the Recommendations?

This vulnerability can be exploited on:

  • Windows Server 2008 through 2019
  • Windows 8.1 through 10

According to Microsoft, this vulnerability cannot be exploited if Microsoft Office is configured to open documents from the internet in Protected View mode or in Application Guard for Office 365. This is the default configuration for all Windows devices.

Users should apply the Windows registry update, which prevents new ActiveX controls from being downloaded and installed while keeping already-installed ActiveX controls in place and functioning.
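To verify that the registry workaround is actually in place on a host, and to apply it where it is not, the following PowerShell is an added example written for this advisory, not Microsoft's own script or the registry file it published. It assumes the zone-policy key path and values from Microsoft's published workaround (URL actions 1001 and 1004 set to 3 under the policy Internet Settings Zones 0 through 3); the function names are my own.

```powershell
# Added example: audit and apply Microsoft's CVE-2021-40444 ActiveX-download workaround.
# Key path and values follow Microsoft's published workaround; function names are the editor's.
$ZonesPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Actions   = '1001', '1004'   # 1001 = download signed ActiveX, 1004 = download unsigned ActiveX
$Disabled  = 3                # URL action value: 3 = Disable (0 = Enable, 1 = Prompt)

function Test-ActiveXDownloadMitigation {
    # Returns one object per zone (0 = Local Machine, 1 = Intranet, 2 = Trusted, 3 = Internet).
    # Applied is $true only when both download actions are set to Disable for that zone.
    foreach ($zone in 0..3) {
        $key    = Join-Path $ZonesPath $zone
        $values = @{}
        foreach ($action in $Actions) {
            $values[$action] = (Get-ItemProperty -Path $key -Name $action -ErrorAction SilentlyContinue).$action
        }
        [pscustomobject]@{
            Zone     = $zone
            Signed   = $values['1001']
            Unsigned = $values['1004']
            Applied  = ($values['1001'] -eq $Disabled -and $values['1004'] -eq $Disabled)
        }
    }
}

function Set-ActiveXDownloadMitigation {
    # Idempotently writes the policy values; requires an elevated (administrator) session.
    foreach ($zone in 0..3) {
        $key = Join-Path $ZonesPath $zone
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($action in $Actions) {
            New-ItemProperty -Path $key -Name $action -PropertyType DWord -Value $Disabled -Force | Out-Null
        }
    }
}

# Audit first; write the values only when at least one zone is not yet covered.
$status = Test-ActiveXDownloadMitigation
$status | Format-Table -AutoSize
if ($status | Where-Object { -not $_.Applied }) {
    Set-ActiveXDownloadMitigation
    Test-ActiveXDownloadMitigation | Format-Table -AutoSize
}
```

Microsoft's workaround guidance calls for a reboot after the values are written, so the audit function is the right check to run again after restart.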

More information on how to apply these remediations can be found in the links below.

References

For more in-depth information about the recommendations, please visit the following links:

If you are looking for guidance, please reach out. MCP offers a comprehensive cybersecurity solutions suite that is designed specifically for public-safety and justice entities and other critical-infrastructure organizations, to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy. Contact us today to learn more.