A malicious new exploit means that simply opening a compromised Word document can do great harm to your system.

Recommended image for Office MSHTML errors

A recently discovered flaw in Microsoft's proprietary MSHTML browser engine allows hackers to remotely execute code on all versions of Windows. Attackers use specially crafted Word documents to exploit this zero-day bug. Unfortunately, MSHTML is also used by several Microsoft products, including Skype, Visual Studio, and Microsoft Outlook, so the problem is quite common.

So let's examine how the exploit works and how you can protect yourself from it.

How does the Microsoft Word zero-day exploit work?

The attack begins when users are tricked into opening a weapons-grade Word document. This document contains a specially designed ActiveX control that is intended to be processed by the MSHTML engine. If it loads successfully, hackers can use this ActiveX control to run remote code on the compromised device.

Microsoft Word logo

Microsoft is tracking this bug as CVE-2021-40444 and has assigned it a CVSS score of 8.8. It makes the MSHTML bug a serious problem with the potential to cause significant damage.

How to Mitigate the MSHTML Attack

Users can prevent the MSHTML attack by not opening untrusted Word documents. Even if you accidentally click on such documents, running Office in standard configurations will likely protect you from this latest zero-day attack related to Microsoft.

By default, Office opens documents downloaded from the Internet in either Protected View or Application Guard for Office. This feature prevents untrusted files from accessing critical system resources, so you are likely to be safe.

However, users who work with administrator rights are at high risk from the MSHTML attack. Since there is currently no working patch available, we recommend that you only open Office documents as a standard user, where you can save the Protected View. Microsoft has also said that disabling the ActiveX control could prevent this attack.

Related: Microsoft enables Office 365 Application Guard to protect home workers

How to disable the ActiveX control

To disable the ActiveX control, open a text editor and create a file named disable-activex.reg. You can name this file anything, as long as the .reg Extension is here. Now add the following to the file and save it.

Windows Registry Editor version 5.00
(HKEY_LOCAL_MACHINE SOFTWARE Policies Microsoft Windows CurrentVersion Internet Settings Zones 0)
"1001" = dword: 00000003
"1004" = dword: 00000003
(HKEY_LOCAL_MACHINE SOFTWARE Policies Microsoft Windows CurrentVersion Internet Settings Zones 1)
"1001" = dword: 00000003
"1004" = dword: 00000003
(HKEY_LOCAL_MACHINE SOFTWARE Policies Microsoft Windows CurrentVersion Internet Settings Zones 2)
"1001" = dword: 00000003
"1004" = dword: 00000003
(HKEY_LOCAL_MACHINE SOFTWARE Policies Microsoft Windows CurrentVersion Internet Settings Zones 3)
"1001" = dword: 00000003
"1004" = dword: 00000003

Double click the file and click Yes sir when prompted by Windows. Once that's done, restart your PC and Windows will take over the new configurations.

Beware of untrustworthy Word documents

Microsoft has not yet released any official patches for the MSHTML exploit. So not clicking on documents downloaded from the internet is your best bet if you want to stay safe. Fortunately, Defender can detect this attack and prevent your system from being compromised. So make sure you turn on Microsoft Defender and turn on real-time protection.

Microsoft Defender Antivirus function

How to enable Microsoft Defender Antivirus and enable real-time protection

Turning on Microsoft Defender is a simple process. Here is how.

Continue reading

About the author

Rubaiat Hossain
(40 published articles)

Rubaiat is a CS graduate with a strong passion for open source. Aside from being a Unix veteran, he's also into network security, cryptography, and functional programming. He is a passionate collector of used books and has an endless admiration for classic rock.

By Rubaiat Hossain

Subscribe to our newsletter

Subscribe to our newsletter for tech tips, reviews, free e-books, and exclusive offers!

Click here to subscribe