The Federal Office for Information Security (BSI) warns of another zero-day exploit in Microsoft operating systems.
On September 7th of this year, Microsoft published information about a previously unpatched security vulnerability that is already being exploited by attackers. Office documents are being sent that, when opened, exploit a vulnerability in the Internet Explorer browser engine to download and install malicious ActiveX controls. The German Federal Office for Information Security (BSI) considers this a medium threat level.
All operating systems supported by Microsoft are affected, whether clients or servers.
Microsoft itself points out in its statement that the "protected view" enabled by default when opening Microsoft Office documents drastically reduces the likelihood of infection. However, end users can override this at any time.
Until a corresponding patch is released, Microsoft recommends disabling ActiveX in Internet Explorer with the help of a registry update. To save you from having to do this manually for each customer computer, we've provided a script in SYNAXON Managed Services Monitoring & Management that disables ActiveX in Internet Explorer using a registry entry. This is the "Device: CVE-2021-40444" task, which must be run on the customer devices.
A brief summary of the zero-day exploit on Microsoft operating systems:
- All Windows versions are affected.
- Attack via email attachments containing Office documents
- The patch is not yet available.
- Solution: Use the task "Device: CVE-2021-40444" in SMS RMM to set the registry key recommended by Microsoft and thus disable ActiveX in Internet Explorer.
To execute the task, leave the command line empty. After running the script, it's crucial that you restart your customer's machine! Once the security vulnerability has been closed by the upcoming patch, you can simply enter "back" in the command line and run it again. This will revert the settings.
Tip: The script can easily be run on a recurring basis. To do so, create the task to run daily with the option "Complete the task as soon as possible if the schedule has been missed."
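To confirm on a device that the workaround is in place, the following read-only check can be used. It is an added example, not the SYNAXON task script, and it assumes the task writes the values from Microsoft's published workaround for CVE-2021-40444 (URL actions 1001 and 1004 set to 3 for zones 0 to 3 under the HKLM policy hive).

```powershell
# Added example: read-only check for the CVE-2021-40444 ActiveX workaround.
# Assumption: the RMM task sets the values from Microsoft's published workaround
# (URL actions 1001 and 1004 = 3 "Disable" for zones 0-3 in the HKLM policy hive).
$base    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones   = 0..3            # 0 = Local Machine, 1 = Intranet, 2 = Trusted, 3 = Internet
$actions = '1001', '1004'  # download signed / unsigned ActiveX controls
$disable = 3

$results = foreach ($zone in $zones) {
    $key = Join-Path $base $zone
    foreach ($action in $actions) {
        $value = $null
        if (Test-Path -LiteralPath $key) {
            # A missing value yields $null instead of an error
            $value = (Get-ItemProperty -LiteralPath $key -Name $action -ErrorAction SilentlyContinue).$action
        }
        [pscustomobject]@{
            Zone     = $zone
            Action   = $action
            Value    = if ($null -eq $value) { '<not set>' } else { $value }
            Disabled = ($value -eq $disable)
        }
    }
}

$results | Format-Table -AutoSize

# Every one of the eight values must be 3 for the workaround to be complete
$missing = @($results | Where-Object { -not $_.Disabled })
if ($missing.Count -eq 0) {
    Write-Output 'Workaround present: ActiveX download is disabled in zones 0-3.'
    exit 0
} else {
    Write-Output "Workaround incomplete: $($missing.Count) of $($results.Count) values are not set to 3."
    exit 1
}
```

The check only reads the registry, so the restart described above is still required for the setting to take effect. After the task has been run with "back", the check is expected to report the workaround as incomplete.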
If you have any questions about the "Device: CVE-2021-40444" task, please feel free to contact us!
sms@synaxon.de | 05207 / 9299 444