Windows 10 is being attacked by hackers using Internet Explorer. This is a worrying trend because it can allow attackers to gain access to your computer and steal data. If you are not using Internet Explorer, you should take steps to protect yourself from this attack. One way to protect your computer from attacks is by using a security software program like Microsoft Windows Defender or Norton Internet Security. These programs will help you keep your computer safe from attack and protect your data. You can also use firewalls to keep out the outside world and protect your computer from attack. If you are not using Internet Explorer, it is important that you do so in order to protect yourself from attacks like these. If you are not comfortable with using a different browser, then you should consider switching to Firefox or Chrome instead of Microsoft Windows 10.
What’s Happening With This New Exploit?
According to Brian Krebs, the issue pops up with the MSHTML part of Internet Explorer. Unfortunately, it also affects Microsoft Office, as it uses the same component to render web-based content within Office documents.
Microsoft has the exploit listed as CVE-2021-40444, and the company hasn’t released a patch for it yet. Instead, the company suggests disabling the installation of all ActiveX controls in Internet Explorer to mitigate the risk of attack.
While that sounds great, the problem is that disabling the installation of all ActiveX controls in Internet Explorer requires messing around with the registry, which can cause severe issues if not done correctly. Microsoft has a guide on this page that shows you how to do it, but make sure you’re careful.
Microsoft wrote a post on the issue, saying, “An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
Research group EXPMON posted that it was able to reproduce the attack. “We have reproduced the attack on the latest Office 2019 / Office 365 on Windows 10 (typical user environment), for all affected versions please read the Microsoft Security Advisory. The exploit uses logical flaws so the exploitation is perfectly reliable (& dangerous),” it said on Twitter.
We could see an official fix for the exploit on September 14, 2021, when Microsoft is set to do its next “Patch Tuesday” update. In the meantime, you’ll need to be careful and disable the installation of ActiveX controls in Internet Explorer.