Internet Explorer zero-day may be even more dangerous than first thought

Best not to open documents from strangers, experts say

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

New details about the recent MSHTML zero-day vulnerability have further spookedcybersecurityresearchers, after having seen exploits in the wild.

Tracked as CVE-2021-40444,Microsoftrecentlydisclosed the vulnerabilityinInternet Explorer’s browser engine Trident, also known as MSHTML, which helps render browser-based content insideMicrosoft Officedocuments.

Microsoft was careful not to share too many details about the still-unpatched vulnerability. However, security researchers have been more forthcoming after analyzing malicious Office documents used in real-world campaigns.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

BleepingComputerhas shared details about the dangerous nature of the vulnerability, which can work around built-in protection mechanisms in both Microsoft Office andOffice 365.

Exercise extreme caution

In an ideal world, Microsoft Office’s “Protected View” feature is enough to block the exploit, since it exists in documents that come from the internet.

However, vulnerability analyst Will Dormann toldBleepingComputerthat there are several ways for a malicious document to bypassProtected Viewby obfuscating the fact that it came from the internet. For instance, documents opened from inside containers like zipped archives, or ISO files, are treated as local files.

Moreover, Dormann discovered that you could use this vulnerability in RTF files as well, which don’t get the protections of the Protected View feature.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

While Microsoft hasn’t yet shared a patch to plug the vulnerability, it hasshared mitigationsto block documents from processing ActiveX content, thereby defanging the exploit.

However, that’s not of much help either, since security researcher Kevin Beaumont has alreadydiscovered a wayto bypass Microsoft’s mitigations to exploit this vulnerability.

Until Microsoft fixes the vulnerability, it’s best to avoid opening documents from unknown sources.

ViaBleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well