Unpatched Office attack reminds us: Don't click on risky docs

Microsoft is warning of a new Office vulnerability that can probably be avoided by continuing to use smart Internet practices. Namely, don’t open untrusted documents.

Researcher EXPMON reported a new vulnerability to Microsoft on Sunday, the company said, and Microsoft confirmed the vulnerability in a security update on Monday.  Microsoft has yet to issue a patch, though Microsoft said it will “take the appropriate action to help protect our customers.”

The vulnerability takes advantage of the MSHTML rendering engine used by Internet Explorer, a browser that Microsoft has deprecated. (IE will still run within Edge, but within the browser’s sandbox, protecting your PC.) So instead, the attackers are targeting the IE engine running within Microsoft 365 or Office documents. If a malicious Office document is sent you via email, then clicked upon and enabled, the vulnerability could be used to give an attacker control of your PC.

To read this article in full, please click here

from PCWorld https://ift.tt/3yOJO9i