Microsoft is investigating reports that some attackers are using specially crafted Microsoft Office documents to exploit a critical new security vulnerability in Microsoft Windows. An attacker who successful exploits the vulnerability could execute remote code on an affected system. Additional details are available in a special security advisory on Microsoft’s website that was released outside of its normal monthly cycle of security bulletins.
Pitt IT expects attackers will use phishing attacks to attempt to exploit this vulnerability. Please take the following steps to help protect your systems:
- Ensure your endpoints are running the most up-to-date version of Microsoft Defender for Endpoint and that they have the latest signatures. Microsoft Defender for Endpoint detects and blocks attacks that leverage this vulnerability.
- Ensure that Microsoft Protected View or Application Guard for Office are enabled on your endpoints. Microsoft Protected View, which is enabled by default, prevents attacks that leverage this vulnerability. If you have disabled Protected View, Pitt IT strongly recommends that you re-enable it.
In addition, Pitt IT strongly recommends that users use caution when downloading unsolicited email attachments from both Pitt and personal email accounts, as well as carefully evaluating attachments before considering disabling the protections provided by Protected View. If you were not expecting to receive such an attachment, please confirm the validity of the email with the sender before interacting with any attachment.
This new vulnerability affects the following systems:
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2008 R2
- Windows RT 8.1
- Windows 8.1
- Windows Server 2016
- Windows 10
- Windows Server 2019
- Windows Server 2022
Please contact the 24/7 IT Help Desk at 412-624-HELP (4357) if you have any questions regarding this announcement.