Microsoft Issues Emergency Patch for Actively Exploited Office Zero‑Day Vulnerability
Summary of Microsoft Office Vulnerability & Mitigation Steps
This text details a security vulnerability in Microsoft Office that allows attackers to bypass security features locally by sending malicious Office files. Here’s a breakdown:
The Vulnerability:
* What it is: A flaw in how Microsoft Office handles untrusted inputs, specifically related to OLE (Object Linking and Embedding) mitigations.
* How it works: An attacker needs to trick a user into opening a malicious Office file. The vulnerability bypasses security features designed to protect against vulnerable COM/OLE controls.
* Impact: Allows an unauthorized attacker to potentially execute code on the user’s system.
* Attack Vector: Requires user interaction (opening a malicious file). The preview pane itself isn’t a direct attack vector.
* Affected Versions: Microsoft 365 and Microsoft Office. Office 2016 and 2019 users have limited mitigation options currently.
Mitigation Steps (for Office 2016/2019 - as provided by the article):
These steps involve editing the Windows Registry. Important: Back up your registry before making any changes!
- Close all Microsoft Office applications.
- Back up the Windows Registry: https://support.microsoft.com/en-us/help/322756/how-to-back-up-and-restore-the-registry-in-windows
- Open Registry Editor (regedit.exe): Search for “regedit” in the Start menu and press Enter.
- Check for Existing Keys: Look for these keys in the Registry Editor. The correct key depends on your Office and Windows architecture:
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility (64-bit Office or 32-bit Office on 32-bit Windows)
* HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility (32-bit Office on 64-bit Windows)
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility
- Create Key if Missing: If any of the above keys don’t exist, create a new key named “COM Compatibility” under the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common
- Create Subkey: Right-click on the existing or newly created “COM Compatibility” key and select New > Key. Name the new key:
{EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B}
- Create DWORD Value: Right-click on the newly created {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} key and select New > DWORD (32-bit) Value. (The next step, not fully included in the provided text, would likely involve setting the value of this DWORD to 1).
Important Note: These mitigation steps are provided by Microsoft and clarified by the article author. They are a workaround for Office 2016/2019 users until a proper patch is available. Always prioritize installing official security updates from Microsoft when they are released.
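To confirm what is actually present on a machine after following the steps, the read-only PowerShell audit below checks each “COM Compatibility” location and the CLSID subkey. It is an added example, not code from Microsoft or the article; the function name Get-ComCompatAudit is hypothetical, and it lists whatever values the subkey holds instead of assuming the DWORD's name, which the text above does not include.

```powershell
# Read-only audit (added example): for each "COM Compatibility" location named in
# the steps above, report whether the key and the CLSID subkey exist and which
# values the subkey holds. Nothing in the registry is modified.
$clsid = '{EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B}'   # subkey name from the article

$comCompatKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Office\16.0\Common\COM Compatibility'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility'
    'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\16.0\Common\COM Compatibility'
    'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Office\16.0\Common\COM Compatibility'
)

function Get-ComCompatAudit {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string[]] $ParentKeys,
        [Parameter(Mandatory)] [string]   $SubkeyName
    )
    foreach ($parent in $ParentKeys) {
        $child = "$parent\$SubkeyName"
        $row = [ordered]@{
            ParentKey    = $parent
            ParentExists = Test-Path -LiteralPath $parent
            SubkeyExists = $false
            SubkeyValues = ''
        }
        if ($row.ParentExists -and (Test-Path -LiteralPath $child)) {
            $row.SubkeyExists = $true
            $key = Get-Item -LiteralPath $child
            # Describe every value under the subkey; DWORDs are shown in hex.
            $row.SubkeyValues = ($key.GetValueNames() | ForEach-Object {
                $kind = $key.GetValueKind($_)
                $data = $key.GetValue($_)
                if ($kind -eq 'DWord') { $data = '0x{0:X}' -f $data }
                "'$_' ($kind) = $data"
            }) -join '; '
        }
        [pscustomobject]$row
    }
}

Get-ComCompatAudit -ParentKeys $comCompatKeys -SubkeyName $clsid | Format-List
```

A row with ParentExists true and SubkeyExists false marks a location where the subkey has not been created; an empty SubkeyValues means the DWORD step has not been completed there.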
