Security researchers are continuously looking for potential flaws in software that could lead to a compromise of users' personal information. This time, It is a new vulnerability in ActiveX, One of the components of the Windows operating system.
ActiveX is one of Microsoft's technologies used for the development of dynamic pages and is used both on servers and clients. These small programs can be included within web pages and serve to perform actions, For example, displaying a calendar.
In the case of this vulnerability, an attacker could create a malicious ActiveX module to be used through a Microsoft Office file, for example a Word file, specially created to hide this malicious program. Like this, if the attacker convinces us to use this malicious Word file, this program will act and would execute code on our computer.
Microsoft, en su comunicado, it states that Microsoft Defender itself, already included in the system, is capable of mitigating the effects of executing this malicious malware. Even so, the company's recommendation is to promptly apply all system updates and antivirus software updates that we have installed. In addition, ensure that Microsoft Office Protected View is enabled (by default, it is) a la hora de abrir archivos descargados de Internet.
Para más información, se puede consultar la página de Microsoft aquí: Microsoft CVE-2021-40444
Fountain: Microsoft Security Research Center
Image: Pixabay