Microsoft shares temp fix for ongoing Office 365 zero-day attacks

Even though you might not have IE as the standard browser, it’s still waiting to trip you up…:

[…] As there is no security update available at this time, Microsoft has provided the following workaround – disable the installation of all ActiveX controls in Internet Explorer.

A Windows registry update ensures that ActiveX is rendered inactive for all sites, while already available ActiveX controls will keep functioning.

Users should save the file below with the .REG extension and execute it to apply it to the Policy hive. After a system reboot, the new configuration should be applied.

As updates are not available yet for the CVE-2021-40444, they have released the following workaround that prevents ActiveX controls from running in Internet Explorer and applications that embed the browser.


Original Article