Soumya Prakash Pradhan

The Indian Computer Emergency Response Team (CERT-In) has issued a warning about a new problem with some Microsoft products. 

The vulnerability affects Microsoft Office and Windows HTML, and could be used by attackers who are not physically present.

Vulnerability Unveiled

A serious security threat has been discovered in Microsoft Office and Windows HTML.

The vulnerability, as reported by CERT-In, allows remote attackers to run their own code on the system.

If exploited, this could lead to unauthorised access and control over the affected device, posing a risk to data security and potentially exposing sensitive information.

Affected Applications

The vulnerability affects several versions of Microsoft products, including:

  1. Windows 10 (x64-based, 32-bit, and 22H2 versions)
  2. Windows 11 (22H2 and ARM64-based versions)
  3. Windows Server 2022 and 2019
  4. Windows 10 (Version 21H2 and 1809)
  5. Microsoft Word (2013 Service Pack 1 and 2016 editions)
  6. Microsoft Office LTSC 2021 and 2019
  7. Windows Server 2012, 2008 R2, and 2008
  8. Windows Server 2016
  9. Windows 10 (Version 1607)
  10. Windows Server 2012 R2
  11. Microsoft Office 2019

The vulnerability in Microsoft Office and Windows HTML is caused by a lack of proper validation for user-provided input when dealing with cross-protocol file navigation.

To exploit this vulnerability, an attacker needs to persuade a victim to open a specifically crafted file.

By taking advantage of this weakness, the attacker can remotely execute arbitrary code, putting the security and reliability of the targeted system at risk.

To reduce the risks associated with this vulnerability, CERT-In has provided some important recommendations.

Users who have Microsoft Defender for Office installed are already protected against attachments that try to exploit this vulnerability.

Additionally, it is advisable to enable the "Block all Office applications from creating child processes" Attack Surface Reduction Rule, as it helps prevent the exploitation of the vulnerability.

For organisations that cannot utilise these protections, CERT-In suggests adding the following application names as REG_DWORD values with data 1 to the specified registry key:

  1. Excel.exe
  2. Graph.exe
  3. MSAccess.exe
  4. MSPub.exe
  5. PowerPoint.exe
  6. Visio.exe
  7. WinProj.exe
  8. WinWord.exe

OTV News is now on Whatsapp

Join and get latest news update delivered to you via whatsapp

Join Now