Internet Explorer MSHTML Remote Code
Microsoft has made public a vulnerability within Internet Explorer version 11 on Windows 10 and Windows Server 2019. Internet Explorer is not as widely used as Edge, Firefox, and Chrome (to name a few web browsers), but it is still used in some environments.
Microsoft has not yet released a patch for this vulnerability; sources suggest it may be available the week of September 13th at the earliest. There are workarounds, but these are also being tested and exploited. By default, opening a document containing MSHTML ‘from the Internet’ will prompt Office to put the document into Protected-Mode, which is read-only and in which the vulnerability cannot be exploited. It is vital not to open file attachments from unknown senders and to be cautious when clicking ‘Enable Editing’ on a document downloaded from known senders. Antivirus software vendors will also be updating their detection signatures individually, on various near-term deployment schedules.
- Do not open unexpected Office documents or those received from unknown senders.
- Do not click ‘Enable Editing’ in the documents described above.
- Avoid using Internet Explorer 11 temporarily (IE11 retirement date is 6/15/22) – switch to Edge, Firefox, or Chrome.
- Install the update from Microsoft once it is made available.
- Verify antivirus endpoint detection signatures are up to date.
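
The read-only protection described above depends on Windows still marking the file as ‘from the Internet’. The following audit script is an added example, not part of the original advisory or Microsoft's guidance; it assumes an NTFS volume, that the mark is stored in the file's `Zone.Identifier` alternate data stream, and the default folder and extension list are illustrative choices.

```powershell
# Added example: report which Office documents under a folder still carry the
# "from the Internet" mark that makes Office open them read-only.
param(
    [string]$Path = "$env:USERPROFILE\Downloads"   # assumed folder to audit
)

# Illustrative list of Office document extensions; adjust for your environment.
$extensions = '.doc', '.docx', '.docm', '.rtf', '.xls', '.xlsx', '.xlsm', '.ppt', '.pptx'

Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $extensions -contains $_.Extension.ToLower() } |
    ForEach-Object {
        $file   = $_
        $zoneId = $null

        # The stream is absent on files created locally, copied through tools
        # that drop it, or already unblocked by a user.
        $stream = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
                              -ErrorAction SilentlyContinue
        if ($stream) {
            $m = $stream | Select-String -Pattern '^ZoneId=(\d+)' | Select-Object -First 1
            if ($m) { $zoneId = [int]$m.Matches[0].Groups[1].Value }
        }

        [pscustomobject]@{
            File               = $file.FullName
            ZoneId             = $zoneId            # 3 = Internet, 4 = Restricted sites
            MarkedFromInternet = ($zoneId -ge 3)    # $null compares as False
            LastWriteTime      = $file.LastWriteTime
        }
    } |
    Sort-Object MarkedFromInternet, LastWriteTime |
    Format-Table -AutoSize
```

Documents listed with `MarkedFromInternet` set to `False` will not be placed in the read-only mode on the basis of their origin, so any of them that arrived from outside the organization deserve the closest attention.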