Another Android Zero-Day Flaw Makes Headlines; What You Should Know
By: Jim Stickley and Tina Davis
October 5, 2021
Urgency is the key to preventing this latest zero-day security flaw from assaulting Android devices using Microsoft Office with Internet Explorer (IE). A flaw labeled with “zero-day” means hackers locate and abuse the flaw before software developers or security researchers find it. The key to a zero-day’s success is they are exploited before a security patch is released. Zero-day exploits can happen at any time on any device and its software, and immediately applying the security patch is a necessary defense.
Zero-Day Flaw: Android Microsoft And Internet Explorer
Microsoft warned its users of this zero-day flaw affecting IE even though the company announced it will stop supporting IE sometime next year. Attackers use this flaw to weaponize Office documents leading to the takeover of vulnerable Windows systems. Microsoft explains this zero-day involves a remote code execution flaw affecting the browser engine for IE. This browser is used for Office content involving Word, PowerPoint, and Excel documents. The way to help avoid this zero-day without a patch for it, Microsoft explains, is by running Office using its default configurations. In a compromised system, downloaded documents are opened in Protected View or Application Guard for Office, a way to hinder untrusted files from entering trusted resources in the system, effectively blocking the zero-day from taking place.
According to MIT Technology Review, a zero-day vulnerability is quite valuable on the dark web’s open market, with many having a price tag of over $1 million. Added to that, zero-days also present a higher risk for users as attackers rush to exploit them before those who can fix them even know it exists. It can take weeks, months or even years before a zero-day is discovered and patched by its developers. Once a zero-day flaw is patched, it’s no longer in the zero-day category – but there are zero-day flaws that are never found by those other than cybercriminals, with some still actively exploited years later.
Zero-day flaws not only bring a high price tag on the dark web, but the when and where of their existence is unknown until they are discovered by those other than hackers. With the next zero-day flaw already in cyberspace, we have no idea who the next victims will be and when and where it will appear. What we can do is apply security patches as soon as they are available and keep tabs on the latest zero-day discoveries to find if you too are affected and if a patch is available. In addition, if you’re still attached to your version of Internet Explorer, consider switching to a supported Microsoft browser or another one altogether so you have support.
Remember, vigilance goes a long way helping keep us safe from the next zero-day threat already on our doorstep.