A security vulnerability affects Internet Explorer and Office applications under certain circumstances. Microsoft has taken steps to limit the risks.
February 6, 2019. Chris Jackson, one of Microsoft’s cybersecurity executives, posted a message on the forums of the US company, entitled “the risks you take using Internet Explorer by default”. Explaining why Internet users have a vested interest in changing their web browser, his post could be summarized as follows: you should no longer use IE to access the web.
Two years later, the market share of Internet Explorer has become almost negligible: it is estimated at 0.6% worldwide in August 2021, according to Statcounter. The figure is low, but it needs context: given the number of Windows workstations in use internationally, there are potentially hundreds of thousands of individuals behind this seemingly small percentage.
It was in this context that Microsoft issued a warning on September 7 about a security flaw in MSHTML. This is the rendering engine used by Internet Explorer to display web pages (in this context it is called Trident). The flaw, which has a high criticality score (between 7.9 and 8.8 / 10), was spotted by malicious actors.
“Microsoft is investigating reports of an MSHTML vulnerability affecting Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially designed Microsoft Office documents.” The Redmond firm says it has taken steps to mitigate the risk.
An attack can occur if a malicious ActiveX control (a component that lets programs communicate with one another) is used by a Microsoft Office document that hosts the Internet Explorer rendering engine. Office is the American company’s office suite. If the victim opens the booby-trapped document, they could inadvertently give the attacker access to the Windows account used on the computer.
Microsoft is taking protective measures
Faced with this risk, several measures have been taken: Microsoft’s built-in antivirus, Defender, has been updated to detect and counter exploitation of this flaw. The company also points out that documents from the Internet that open in Office are locked: this is the protected mode, which ensures that documents are read-only.
In addition, the company provides instructions for editing the Windows registry, which requires good computer skills to avoid making mistakes. With the change described by Microsoft, it is possible to disable the installation of all ActiveX controls in IE to protect yourself. It will not prevent already installed ActiveX controls from working, and these do not pose a risk.
It should be noted that other, peripheral measures may also play a role in the security of Internet users. Microsoft has embarked on a plan to end IE: in November 2020, Teams stopped supporting IE 11, the latest version of the browser. Then, in August 2021, the same happened for Microsoft 365, the company’s online office suite.
Microsoft has set Internet Explorer aside in favor of Edge. This is a fresh start for the American company in the browser market, with a more modern and more polished solution. Microsoft Edge has evolved over time, eventually adopting the same software base as Google Chrome: the free Chromium web browser.
More generally, the days of Internet Explorer are numbered: the application is due to be removed from Windows 10 before June 2022. That said, Microsoft said in its message that this removal would not affect certain versions of the operating system (those entitled to extended support) or the MSHTML / Trident rendering engine. In addition, parts of this component will remain in Windows 11.