Microsoft this week warned that hackers are actively exploiting a vulnerability in its Windows program, urging customers to take steps to shore up security.
“Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows,” the company wrote in a security alert issued Tuesday. “Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.”
Microsoft warned that an attacker could target victims through Microsoft Office documents, with users tricked into opening a malicious document, which opens a page on Internet Explorer that downloads malware onto the system.
While the company noted that it was investigating the vulnerability, it urged users to keep antivirus software up to date, and that both Microsoft Defender Antivirus and Microsoft Defender for Endpoint worked to detect the vulnerability. It also wrote that disabling its ActiveX software framework from installation in Internet Explorer would “mitigate the attack.”
“Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers,” the company wrote. “This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.”
The Cybersecurity and Infrastructure Security Agency’s (CISA) U.S. Computer Emergency Readiness Team (US-CERT) on Tuesday sounded the alarm on the vulnerabilities, tweeting that CISA “encourages users and organizations to review Microsoft’s mitigations and workarounds to address” the vulnerability.
The vulnerability is the latest security concern that Microsoft has faced in recent months.
A report published last month found that 38 million records from dozens of organizations were exposed online earlier this year due to a misconfiguration in a Microsoft product.
In addition, Microsoft announced earlier this year that a Chinese hacking group known as “Hafnium” exploited security flaws in its Exchange Server email application. The vulnerabilities exposed tens of thousands of companies to cybercriminals, and the Biden administration formally attributed the breach to hackers affiliated with the Chinese government in July.