• Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
  • English English English en
  • Deutsch Deutsch German de
Sales: +49 5251 304-800 | Support: +49 5251 304-636
NoSpamProxy
  • HOME
  • PRODUCT
    • NoSpamProxy Cloud
    • NoSpamProxy Protection
    • NoSpamProxy Encryption
    • NoSpamProxy Large Files
    • NoSpamProxy Disclaimer
  • SUPPORT
    • Knowledge Base
    • Forum
    • Training courses
    • Support Request
    • Software-Download
    • Resources
  • PARTNERS
    • Finding Resellers
    • Becoming Reseller
    • Partner Portal
  • COMPANY
    • Team
    • Testimonials
    • Career
    • Contact
  • EVENTS
    • Events
    • Webcast Training
  • BLOG
  • FREE TRIAL VERSION
    • Price request
    • Free trial version
  • English
    • Deutsch
  • Search
  • Menu Menu
  • Information

Imminent danger from docx files: How to protect yourself (Update)

Security update available

Microsoft has released security updates to address this vulnerability. Please see the table at the bottom of this page to determine the update that is appropriate for your system.

Microsoft is currently warning customers about a serious security vulnerability in connection with docx files. The dangerous thing about this vulnerability is the fact that simply opening the respective Word file is sufficient to execute the malicious code and enable remote code execution. An additional activation of any macros is not necessary. Read on to find out how you can protect yourself from this danger.

How are the attacks carried out?

The criminals use a prepared ActiveX element as an attack vector, which they insert into Microsoft Word files. After opening the file, malicious code is then downloaded via the browser and infects the respective computer. In the cases observed, Cobalt Strike was loaded first, which is also used for threats from dangerous XLL files.

The vulnerability lies in the browser engine MSHTML (also called Trident), which enables the reloading mentioned. This engine is the HTML rendering engine of all versions of Internet Explorer on Windows systems. It was introduced with Internet Explorer 4 and is a core component of all versions of the browser.

It is also possible that users of other browsers are affected by the vulnerability.

What does Microsoft say?

The vulnerability can be viewed at Microsoft under the number CVE-2021-40444. As mentioned on the page, the vulnerability is already being actively exploited. Microsoft points out that no elevated rights or special requirements are necessary to carry out the attack.

How can you protect yourself?

NoSpamProxy protects through Content Disarm and Reconstruction (CDR)

NoSpamProxy users can protect themselves from dangerous docx files by configuring Content Disarm and Reconstruction (CDR) in a content filter action accordingly.

  1. Go to Configuration > Content filter > Content filter actions and click Add. 
  2. Create the content filter action and tick the checkbox Convert Word documents into PDF on the Content Disarm page.
    cdr-docx-en
  3. Make the further settings as required.
  4. Select the content filter action in the corresponding content filter entry.

You are now protected by CDR.

Be aware that the process of converting to PDF terminates with an error message. This is a normal behaviour and not a malfunction.

Disable ActiveX via Registry 

Microsoft is working on an official fix and until then recommends disabling ActiveX controls completely via the registry.

Be aware that ActiveX elements that are already active remain unaffected by this.

  • share 
  • share 
  • tweet 
  • email 

SEARCH

PRODUCT

  • All Topics
  • NoSpamProxy Cloud
  • NoSpamProxy Protection
  • NoSpamProxy Encryption
  • NospamProxy Large Files

Knowledge Base

Knowledge Base

Note: The information in this knowledge base is only relevant for NoSpamProxy up to version 13.2. All information for NoSpamProxy 14 and higher can be found in the online documentation.

CATEGORY

  • All Topics
  • News
  • Product
  • Tech & Support
  • Events
Subscribeto RSS Feed

NoSpamProxy

  • NoSpamProxy Cloud
  • NoSpamProxy Encryption
  • NoSpamProxy Large Files
  • NoSpamProxy Disclaimer
  • Price request
  • Team
  • Career
  • General terms and conditions
  • Data Protection Information for Business Partners and Applicants
  • Cybersecurity (PSIRT)

Partners

  • Becoming a reseller
  • Partners
  • Order Certificates
  • Newsletter

Categories

  • All topics
  • News
  • Support
  • Updates
  • Order certificates

Latest News

  • Info IconCritical Outlook vulnerability: No threat to NoSpamProxy customers24.03.2023 - 15:09
  • Default filter settings in NoSpamProxy 1422.03.2023 - 10:00
  • NoSpamProxy UpdateGlobal Rollout NoSpamProxy Version 14.0.515.03.2023 - 15:20
IMPRINT • EULA • Privacy Policy • © 2023 Net at Work GmbH
  • Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
Spear-throwing machines: How Artificial Intelligence Makes Phishing Scalabl...Wie Künstliche Intelligenz Phishing skalierbar macht PreviewADN nimmt NoSpamProxy ins Portfolio auf PreviewADN adds NoSpamProxy to its portfolio
Scroll to top