Security researchers have identified a vulnerability affecting Microsoft Windows 7, 8, 10, and 11 and all versions of Microsoft Office where an exploit can be executed on a victim's computer directly from infected files. The attacker takes advantage of the fact that code trusted by Windows OS can run from within RTF and Office documents when they are included in emails or have been downloaded.
Be aware of these best practices for handling digital files:
- Confirm the sources of files before interacting with them
- Only download or open files when you trust the source
- Keep documents in ''Protected Mode''/''Protected View'' while reviewing them
- Use anti-malware tools to scan files when there is a question if the file is safe to open (keep in mind that anti-malware tools can scan attributes of a file for known markers of likely indicators that a file is malicious, but can't perfectly predict or eliminate risk when dealing with an unknown file)
Be scrutinous and use common sense precautions about files that didn't come from you or that have been sent over the internet.
Conditions that increase the risk of a file running malicious code without a victim's knowledge:
- Having a preview pane enabled in an email client such as Microsoft Outlook or in Windows File Explorer (a preview pane feature checks the contents of the email or file; in doing so this feature can unintentionally execute malicious code)
- Allowing viewing/loading of blocked elements in emails and email previews (loading these extra elements can run malicious code, can be used for tracking user behavior, etc.)
- Disabling the ''Protected Mode'' in Microsoft Office when one of the apps opens downloaded/imported/unverified files (disabling this feature can permit or increase the scale of access the file's content has to execute complex instructions on your computer)
Never disable any ''Protected Mode''/''Protection Mode''/''Protected View'' feature for a file unless you 100% trust the source and have a compelling and specific reason. Please reach out for support if you need help with an application's ''protected mode'' or assessing if it's safe to interact with a file.
For more information about the recent vulnerability, see Microsoft's official release: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444