Govt warns of 'critical' remote code execution vulnerability in Microsoft products - ET Government

<p>The solution to this vulnerability, according to CERT-In, is to apply the appropriate security updates from Microsoft.</p> — The solution to this vulnerability, according to CERT-In, is to apply the appropriate security updates from Microsoft.

In its new vulnerability note, CERT-In, the Indian government’s nodal agency for cyber security related issues, warns that a vulnerability has been reported in Microsoft Office & Windows HTML which could allow a remote attacker to execute arbitrary code on the targeted system.

In its description of the vulnerability, CERT-In says:

“This vulnerability exists in Microsoft Office & Windows HTML due to insufficient validation of user-supplied input when handling cross-protocol file navigation. An attacker could exploit this vulnerability by persuading a victim to open a specially crafted file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the targeted system.”

The Microsoft Software affected by this vulnerability are:

Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2016 (64-bit edition)
Microsoft Word 2016 (32-bit edition)
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office 2019 for 64-bit editions
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Microsoft Office 2019 for 32-bit editions
Windows Server 2012 R2 (Server Core installation)

The mitigations of this vulnerability include the following options: Customers who use Microsoft Defender for Office are protected from attachments that attempt to exploit this vulnerability.

In current attack chains, the use of the Block all Office applications from creating child processes’ Attack Surface Reduction Rule will prevent the vulnerability from being exploited.

Organizations which cannot take advantage of these protections can add the following application names to this registry key as values of type REG_DWORD with data 1.:
ComputerHKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftInternet
ExplorerMainFeatureControlFEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION