Security Concerns With Some Microsoft Products

The Indian Computer Emergency Response Team (CERT-In) has highlighted a new security concern related to certain Microsoft products.

The Indian CERT-In has identified a recently discovered vulnerability that affects Microsoft Office and Windows HTML. This vulnerability allows potential attackers to remotely execute code without physical access to the targeted system.

The vulnerability, which was reported by CERT-In, enables unauthorized individuals to exploit the system and gain control over the affected device. This poses a significant risk to data security and may potentially expose sensitive information.

The following versions of Microsoft products are affected by this vulnerability:

Windows 10 (x64-based, 32-bit, and 22H2 versions)
Windows 11 (22H2 and ARM64-based versions)
Windows Server 2022 and 2019
Windows 10 (Version 21H2 and 1809)
Microsoft Word (2013 Service Pack 1 and 2016 editions)
Microsoft Office LTSC 2021 and 2019
Windows Server 2012, 2008 R2, and 2008
Windows Server 2016
Windows 10 (Version 1607)
Windows Server 2012 R2
Microsoft Office 2019

The vulnerability in Microsoft Office and Windows HTML arises from inadequate validation of user-provided input during cross-protocol file navigation.

To exploit this vulnerability, an attacker must convince the victim to open a specially crafted file. Through this weakness, the attacker can remotely execute arbitrary code, thereby jeopardizing the security and reliability of the targeted system.

To mitigate the associated risks, CERT-In recommends the following crucial measures:

Users with Microsoft Defender for Office installed are already protected against attachments attempting to exploit this vulnerability.
Enabling the "Block all Office applications from creating child processes" Attack Surface Reduction Rule is strongly advised as it effectively thwarts the exploitation of this vulnerability.

For organizations unable to implement these protections, CERT-In suggests adding the following application names as REG_DWORD values, each with a data value of 1, to the designated registry key:

Excel.exe
Graph.exe
MSAccess.exe
MSPub.exe
PowerPoint.exe
Visio.exe
WinProj.exe
WinWord.exe
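
The two mitigations above can be audited from an elevated PowerShell session. This is an added example, not code from CERT-In or the original article; the registry key path is a labelled placeholder because the article does not give it, and the rule GUID is the one Microsoft documents for the named Attack Surface Reduction rule.

```powershell
# Added example: audit (and optionally apply) the mitigations listed above.
# ASSUMPTION: placeholder. Replace with the registry key named in the CERT-In advisory.
$KeyPath = 'HKLM:\<REGISTRY-KEY-FROM-ADVISORY>'
$Apply   = $false   # set to $true to write any missing registry values
$Apps    = 'Excel.exe','Graph.exe','MSAccess.exe','MSPub.exe',
           'PowerPoint.exe','Visio.exe','WinProj.exe','WinWord.exe'
# GUID of "Block all Office applications from creating child processes"
$AsrRuleId = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'

function Test-AsrRuleEnabled {
    param([string]$RuleId)
    # Defender may be absent or managed elsewhere; treat that as "not enabled"
    $pref    = Get-MpPreference -ErrorAction SilentlyContinue
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        # Action 1 = Block; Audit (2) and Warn (6) do not stop child processes
        if ($ids[$i] -ieq $RuleId) { return ($actions[$i] -eq 1) }
    }
    return $false
}

function Get-MissingAppValues {
    param([string]$Path, [string[]]$Names)
    $props = if (Test-Path -LiteralPath $Path) { Get-ItemProperty -LiteralPath $Path }
    # A value counts only if it exists and its data is exactly 1
    $Names | Where-Object { -not $props -or $props.$_ -ne 1 }
}

function Set-AppValues {
    param([string]$Path, [string[]]$Names)
    if (-not (Test-Path -LiteralPath $Path)) { New-Item -Path $Path -Force | Out-Null }
    foreach ($n in $Names) {
        New-ItemProperty -LiteralPath $Path -Name $n -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

if ($KeyPath -like '*<*') { throw 'Set $KeyPath to the registry key from the advisory first.' }
if (Test-AsrRuleEnabled $AsrRuleId) {
    'ASR rule is in Block mode; the registry workaround is not required.'
} else {
    $missing = @(Get-MissingAppValues -Path $KeyPath -Names $Apps)
    "ASR rule is not in Block mode; $($missing.Count) of $($Apps.Count) registry values are missing."
    if ($Apply -and $missing.Count -gt 0) { Set-AppValues -Path $KeyPath -Names $missing }
}
```

Where the ASR rule can be used instead, `Add-MpPreference -AttackSurfaceReductionRules_Ids $AsrRuleId -AttackSurfaceReductionRules_Actions Enabled` turns it on without overwriting other configured rules.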

By following these recommendations, users and organizations can proactively address the risks posed by the Microsoft Office and Windows HTML vulnerability, thereby enhancing their overall security posture.

Article written by Restore Solutions: July 14th, 2023.