Industry Insights

Blog, Security

New MSHTML Vulnerability Exploitable in Windows Operating Systems

by | Monday, November 29th, 2021

Yet another major vulnerability has been discovered, this time in Microsoft’s MSHTML browser engine. The vulnerability, discovered and tracked by Kaspersky, is currently being exploited all over the world. As such, it is critical that you know how to avoid vulnerabilities like this so that you do not inadvertently allow a hacker onto your network.

What is MSHTML?

For a little bit of background, MSHTML is the browser engine that is found in both the personal computer and server unit versions of Windows. As such, this vulnerability can be found in just about any device that runs most versions of the Windows OS. In particular, as with most forms of cyberthreats, the primary industries targeted include telecommunications, medical technology, industry, energy, banking, energy, and research and development.

How Does the Exploit Work?

The vulnerability itself is simple to exploit. All an attacker needs to do is send an infected Office file to someone. Once the infected file is downloaded, it will run code and execute the payload, infecting the target machine. Kaspersky claims that attackers then use ActiveX to go about even more malicious acts, such as downloading backdoors into the user’s system. It is thought that this threat is most dangerous when used against someone with administrative privileges, such as IT teams, rather than your average user.

What Can Be Done About It?

While MSHTML has since been patched by Microsoft, the issue is still relatively simple to avoid: don’t download the infected Microsoft Office document. Furthermore, you should never download attachments from sources you do not recognize, especially if they look the least bit suspicious.

You might notice that these are best practices that we routinely preach, which is a testament to how many threats you actually can avoid simply by following them.

This also highlights the importance of applying security patches and updates for your critical business technology. If you don’t, you put your business’ security at risk—something that you absolutely cannot risk.

Don’t let threats like these become problems for your business. Through working with Compudata, you can learn all about best practices and implement security solutions designed to maximize network security. To learn more, reach out to Compudata at 1-855-405-8889.

A Glimpse Into What Compliance Looks Like for Businesses

Apr 7, 2025 | ,

It’s easy to see all the reasons why you should make data regulations and compliance a priority. After all, you want to ensure you don’t violate the trust and security of your customers, as well as the integrity of your operations. If you make even one mistake, it...

AI Search Isn’t There Yet

Apr 4, 2025 | ,

People do this all the time: if they don’t know an answer, they just make something up that sounds right. It turns out AI has the same bad habit. A Study Put AI Search to the Test, and It Did Not Go Well Researchers at the Tow Center for Digital Journalism (part of...

Remote Work Is Great, but There Are Some Pitfalls

Apr 2, 2025 | ,

Do you have employees working remotely? If you do, the real question is, are you doing everything you can to keep them productive and secure? Remote work is awesome, but it comes with its fair share of risks. Today, we get into how to competently confront them. Remote...

Hiring IT is Hard (Here’s How to Make It Easier)

Mar 28, 2025 | ,

Do you have someone on your staff who can handle most IT-related issues for your business? If not, we’re sure your organization feels it in more ways than one. The issues that come from not having IT help are only made more frustrating when it comes time to find IT...

Let’s Take the Lid Off of CAPTCHA

Mar 21, 2025 | ,

We've officially reached the point where humans have to prove they're, well, human just to access websites. One of the most common ways to do this? CAPTCHA. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It might sound...

Automation Isn’t Always the Best Business Option

Mar 17, 2025 | ,

Automation makes sense from an operations standpoint, and people see this despite the many who advocate for scaling back to save jobs. For every task that can be completed, however, less than half can be automated. When you consider all the tasks that a human might be...

More Reading from Industry Insights:

AI Search Isn’t There Yet

by | Apr 4, 2025 | ,

People do this all the time: if they don’t know an answer, they just make something up that sounds right. It turns out AI has the same bad habit. A Study Put AI Search to the Test, and It Did Not Go Well Researchers at the Tow Center for Digital Journalism (part of...

Hiring IT is Hard (Here’s How to Make It Easier)

by | Mar 28, 2025 | ,

Do you have someone on your staff who can handle most IT-related issues for your business? If not, we’re sure your organization feels it in more ways than one. The issues that come from not having IT help are only made more frustrating when it comes time to find IT...