rocketwise

Security researchers have identified a vulnerability affecting Microsoft Windows 7, 8, 10, and 11 and all versions of Microsoft Office where an exploit can be executed on a victim’s computer directly from infected files.  The attacker takes advantage of the fact that code trusted by Windows OS can run from within RTF and Office documents when they are included in emails or have been downloaded. 

Be aware of these best practices for handling digital files:

      • Confirm the sources of files before interacting with them
      • Only download or open files when you trust the source
      • Keep documents in ”Protected Mode”/”Protected View” while reviewing them
      • Use anti-malware tools to scan files when there is a question if the file is safe to open (keep in mind that anti-malware tools can scan attributes of a file for known markers of likely indicators that a file is malicious, but can’t perfectly predict or eliminate risk when dealing with an unknown file)
Be scrutinous and use common sense precautions about files that didn’t come from you or that have been sent over the internet.

 
Conditions that increase the risk of a file running malicious code without a victim’s knowledge:
      • Having a preview pane enabled in an email client such as Microsoft Outlook or in Windows File Explorer (a preview pane feature checks the contents of the email or file; in doing so this feature can unintentionally execute malicious code)
      • Allowing viewing/loading of blocked elements in emails and email previews (loading these extra elements can run malicious code, can be used for tracking user behavior, etc.)
      • Disabling the ”Protected Mode” in Microsoft Office when one of the apps opens downloaded/imported/unverified files (disabling this feature can permit or increase the scale of access the file’s content has to execute complex instructions on your computer)
 
Never disable any ”Protected Mode”/”Protection Mode”/”Protected View” feature for a file unless you 100% trust the source and have a compelling and specific reason.  Please reach out for support if you need help with an application’s ”protected mode” or assessing if it’s safe to interact with a file.

 
For more information about the recent vulnerability, see Microsoft’s official release:  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

 
 

Written by

Kevin possesses the unique ability to understand, and explain in non-threatening and non-technical ways how technology, business and team members work with, and sometimes, against each other. He has an innate ability to understand how technology works at the basic conceptual level and how it interacts with hardware, software, networking, people and business processes. A rare combination in today's technology arena.

Kevin lives in Charleston, South Carolina with his bride Summer, their two sons - Caleb and Isaiah - and their Vizsla wonder dog Dexter.

WHAT OUR EXPERTS HAVE TO SAY

Password Managers

Published by Kevin Landers on January 7, 2022

Multi-Factor Authentication (MFA)

Published by Kevin Landers on January 7, 2022

Risks of Compromised Passwords

Published by Kevin Landers on January 7, 2022