Microsoft issues urgent advice to protect Outlook and Word users from ongoing attacks

MICROSOFT OUTLOOK and Word users are the targets of an ongoing and dangerous cyber attack. If you want to protect yourself from the Office 365 threat the Windows 10 makers have offered some essential advice you need to follow today.

Microsoft Outlook advice about ongoing attack

Microsoft issues Outlook advice ongoing attack (Image: MICROSOFT • GETTY)

The Redmond-based tech giant has revealed a temporary fix for a zero-day Office vulnerability that hackers are currently exploiting. The attacks are targeting Office 365 and Office 2019 users running Windows 10 right now. Experts have ranked the threat - which impacts users of popular apps like Outlook and Word - as a 8.8 out of 10 security risk.

To exploit the flaw, hackers are spreading specially crafted Office documents that potential victims have to click on.

Speaking about the threat in an advisory, Microsoft explained: "An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document".

At the time of writing, no patch has been released to address the issue.

READ MORE:

Windows 11: Microsoft teases brand new software update

However, Microsoft has offered a temporary fix that will protect Office 365 and Office 2019 users.

Firstly, the attack can be mitigated if Microsoft Office is running the default configuration and opens documents from the web in Protected View or Application Guard.

The former is a read-only mode where most editing functions are disabled, while the latter isolates untrusted documents.

Another workaround that Microsoft listed online is disabling the installation of all ActiveX controls.

Microsoft said: "Disabling the installation of all ActiveX controls in Internet Explorer mitigates this attack. This can be accomplished for all sites by updating the registry. Previously-installed ActiveX controls will continue to run, but do not expose this vulnerability.

Microsoft Office 365 app threat

Microsoft Office 365 app users are the target of an ongoing attack (Image: MICROSOFT • GETTY)

"If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk."

Windows 10 users were alerted to this threat earlier this week by the EXPMON exploit detection service.

Researchers warned it was a dangerous flaw and in the face of it Office users should only open documents from trusted sources.

The @EXPMON_ Twitter account posted: "EXPMON system detected a highly sophisticated #ZERO-DAY ATTACK ITW targeting #Microsoft #Office users! At this moment, since there's no patch, we strongly recommend that Office users be extremely cautious about Office files - DO NOT OPEN if not fully trust the source!"

Would you like to receive news notifications from Daily Express?