Microsoft has acknowledged a newly discovered vulnerability that could allow hackers to attack users with Microsoft Office files.

“An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine,” Microsoft explains. “The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

Yes, you read that right: 20 years later, and we’re still dealing with ActiveX-based vulnerabilities. But the good news is that Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection of and protection from the known vulnerability, according to Microsoft.

It’s likely that Microsoft will issue a fix for this problem next Tuesday, but in the meantime, all you need to do is keep your antivirus solution up to date. The firm also offers some workarounds in its security advisory.

Tagged with Security