Security Advisory for Office 365 – 09-09-2021

We would like to inform you that Microsoft has announced it is aware of ongoing targeted attacks, that try to exploit a new vulnerability in Office 356 and Office 2019.

This article informs you  about the status, risks and how to prevent your organization from getting infected.

Ongoing Attack against Office 365

Identified by Microsoft as CVE-2021-40444, the security issue affects Windows Server 2008 through 2019 and Windows 8.1 through 10 and has a severity level of 8.8 out of the maximum 10.

Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents that are sent by Email.

An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. Upon opening it, the document loads the Internet Explorer engine to render a remote web page from the threat actor.

Malware is then downloaded by using a specific ActiveX control in the web page. Executing the threat is done using “a trick called ‘Cpl File Execution’,” referenced in Microsoft’s advisory.

How can you protect yourself

Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action, however it is advised to inform your staff once again not to open emails or attachments from unknown sources.

Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability.

Additional ways to protect your organization:

For customers who are looking for additional protection, we have two recommendations:

Defender for Office 365 Plan 1 (Advanced Threat Protection)

Defender for O365 Plan 1 protects your users from incoming virus or malware via email. The advanced anti spam/virus/phishing engine will scan all incoming email for any malicious content. This is recommended as an add on for all Business Basic, Standard, E1 and E3 subscriptions.

Malwarebytes EndPoint Protection

From our experience, especially for businesses in Asia, Malwarebytes offers by far the most effective antivirus protection for Laptops/Desktops and Servers. Malwarebytes is 100% managed in the cloud and Detects and blocks ransomware from encrypting files using signature-less behavioral monitoring technology. Identifies entire families of known malware by using a combination of heuristic and behavioral rules.

From our experience, we have seen Malwarebytes detect and protect customers data where other antivirus solutions such as Symantec, Kaspersky and others failed to detect the infection.

More information here: https://accessorange.com/malwarebytes/

If you want to know more about Defender for Office 365 or Malwarebytes, please contact our sales team at [email protected] or chat with us via our website chat.

Stay safe!