CVE-2021-40444: Microsoft Critical Vulnerability, exploited

A critical vulnerability present in all current versions of Windows and Windows Server was discovered on September 7, 2021. Microsoft reports that this vulnerability is being actively exploited by malicious groups.

The vulnerability in Internet Explorer and Microsoft Office allows an attacker to take remote control of a server or a PC through documents containing malicious ActiveX controls.

On its website, Microsoft reports that it will not be able to make a patch available until at least September 14. Microsoft’s proposed temporary workaround involves changing registry keys to disable installation of ActiveX controls.

Refer to Microsoft’s site for detailed instructions: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

Without the workaround, Office provides basic protection by asking the user to allow editing of the document by clicking the “Enable Editing” button. Under no circumstances should this permission be given.

It is important to implement the workaround quickly to avoid becoming a victim of the malicious groups that exploit this vulnerability. As always, Sémafor Conseil can help you if necessary.
