Microsoft has simply rolled out an replace fixing 66 safety vulnerabilities as a part of this month’s Patch Tuesday. One of them addresses a essential zero-day vulnerability that is being actively exploited by hackers utilizing Office information containing malicious ActiveX controls. A number of days in the past, Microsoft issued a warning concerning the flaw after being notified by safety researchers who found that dangerous actors are exploiting it by tricking potential victims into opening malicious Office information. Upon being opened, the file routinely launches a web page on Internet Explorer, which accommodates an ActiveX management that downloads malware onto the sufferer’s pc.

When Microsoft revealed the warning, it did not have a repair but and solely requested customers to ensure Microsoft Defender Antivirus or Microsoft Defender for Endpoint are change on. Both packages can detect makes an attempt to take advantage of the vulnerability. It additionally suggested customers to disable all ActiveX controls on Internet Explorer. The vulnerability often called CVE-2021-40444 impacts Windows Servers from model 2008 and Windows 7 by way of 10. Security researchers proved that the exploit is 100% dependable, and all it might take to contaminate a pc is to open the file a hacker sends. Now, the brand new replace will ensure the flaw cannot be exploited anymore.

In addition to patching CVE-2021-40444, the replace additionally fixes two different essential flaws. As The Register notes, it fixes two distant code execution vulnerabilities for Windows WLAN AutoConfig Service and Open Management Infrastructure.