Government warning for Word, Excel, and PowerPoint users: Take action now

CERT-In warns of a vulnerability in Microsoft Office and Windows HTML, allowing remote attackers to compromise systems. Urgent action required.

Soumya Prakash Pradhan
  • Published: Thursday, 13 July 2023
  • Last updated: 13 July 2023, 04:43 PM IST

Recommended Stories

Nothing Launches Two New Earbuds In India With ChatGPT Integration
Apple unveils OpenELM, a next-gen AI model for future iPhones
Know how to unlock WhatsApp on iPhone with 'Passwordless Access'
Meta unveils advanced Ray-Ban smart glasses with multimodal AI integration
Being self-reliant in war-fighting platforms vital: Indian Army chief
Looking for perfect AC? Know how to pick best one with easy technical insights

The Indian Computer Emergency Response Team (CERT-In) has issued a warning about a new problem with some Microsoft products. 

The vulnerability affects Microsoft Office and Windows HTML, and could be used by attackers who are not physically present.

Vulnerability Unveiled

A serious security threat has been discovered in Microsoft Office and Windows HTML.

The vulnerability, as reported by CERT-In, allows remote attackers to run their own code on the system.

If exploited, this could lead to unauthorised access and control over the affected device, posing a risk to data security and potentially exposing sensitive information.

Affected Applications

The vulnerability affects several versions of Microsoft products, including:

  1. Windows 10 (x64-based, 32-bit, and 22H2 versions)
  2. Windows 11 (22H2 and ARM64-based versions)
  3. Windows Server 2022 and 2019
  4. Windows 10 (Version 21H2 and 1809)
  5. Microsoft Word (2013 Service Pack 1 and 2016 editions)
  6. Microsoft Office LTSC 2021 and 2019
  7. Windows Server 2012, 2008 R2, and 2008
  8. Windows Server 2016
  9. Windows 10 (Version 1607)
  10. Windows Server 2012 R2
  11. Microsoft Office 2019

The vulnerability in Microsoft Office and Windows HTML is caused by a lack of proper validation for user-provided input when dealing with cross-protocol file navigation.

To exploit this vulnerability, an attacker needs to persuade a victim to open a specifically crafted file.

By taking advantage of this weakness, the attacker can remotely execute arbitrary code, putting the security and reliability of the targeted system at risk.

To reduce the risks associated with this vulnerability, CERT-In has provided some important recommendations.

Users who have Microsoft Defender for Office installed are already protected against attachments that try to exploit this vulnerability.

Additionally, it is advisable to enable the "Block all Office applications from creating child processes" Attack Surface Reduction Rule, as it helps prevent the exploitation of the vulnerability.

For organisations that cannot utilise these protections, CERT-In suggests adding the following application names as REG_DWORD values with data 1 to the specified registry key:

  1. Excel.exe
  2. Graph.exe
  3. MSAccess.exe
  4. MSPub.exe
  5. PowerPoint.exe
  6. Visio.exe
  7. WinProj.exe
  8. WinWord.exe
scrollToTop

Copyright © 2024 - Odisha Television Limited All Rights Reserved.