A new threat has emerged for Windows 10 users, where a user can become the victim of a cyberattack by just opening a malicious Microsoft Office document unsuspectingly.
The ‘zero-day’ vulnerability, reported by a leading computer security and cybercrime blog, can also be triggered by visiting untrustworthy websites on the Internet Explorer.
As reported, the attack leverages a component of the browser app Internet Explorer called MSHTML. Users who have shifted from IE to Microsoft Edge should be safe from this exploit.
The exploit can target both Microsoft Office 2019 and Office 365. However, the cyberattack is only possible if a user opens the malicious Office document. There isn’t a patch from Microsoft currently available to fix the issue but there is an
advisory with suggestions to help users ensure cyber safety.
Microsoft has reportedly suggested that Internet Explorer users disable the ‘ActiveX controls’ installation on their device. However, this action will need users to update the Windows Registry.
Nevertheless, there is some default protection for Microsoft Office users as all Office Documents downloaded online open in Protected View or in Application Guard for MS Office.
To ensure safety, users are advised to not open any documents that may appear suspicious. Internet Explorer users are advised to refrain from visiting untrustworthy websites. Users can run a security suite to keep their device safe. As reported, a patch for this vulnerability may be available from Microsoft on September 14.