Microsoft Windows RCE Vulnerability Exploited in the Wild – CVE-2021-40444

On 7 September 2021, some threat-intel researchers were made aware of a new threat against Windows operating systems and Microsoft Office products. The vulnerability, tracked as CVE-2021-40444, is in the MSHTML engine (the main HTML component of the Internet Explorer browser), which is vulnerable to arbitrary code execution triggered by a specially crafted Microsoft Office document or rich text format file.

| CVE ID | CVSS Score V3 | CVSS Criticality | Type | Description |
| --- | --- | --- | --- | --- |
| CVE-2021-40444 | 7.8 | High | Remote Code Execution | Microsoft MSHTML Remote Code Execution Vulnerability |

Analysis

CVE-2021-40444

The exploitation of CVE-2021-40444 requires a user to manually open a malicious Office document to initiate the execution of malicious code on a vulnerable Windows host.

On 14 September 2021, Microsoft released a patch advisory for a remote code execution (RCE) vulnerability, tracked as CVE-2021-40444, that affects all versions of Microsoft Windows. To exploit this vulnerability, threat actors can craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine.

Solutions and Recommendations

Patch information for each affected version of Microsoft Windows can be found in .

If you are unable to apply the patch to Windows systems, Arctic Wolf recommends exploring the which includes:

  1. Disabling the installation of all ActiveX controls in Internet Explorer
  2. Disabling previewing of documents in Windows Explorer
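
The following read-only PowerShell audit is an added example, not a script from Arctic Wolf or Microsoft; it reports whether the two workarounds listed above are in place on a host. The registry locations, URL action IDs (1001, 1004), and preview-handler GUID are assumptions based on Microsoft's published workaround for this CVE and should be confirmed against the advisory before relying on the result.

```powershell
# Added example: read-only audit of the two CVE-2021-40444 workarounds.
# Assumption: registry locations and values follow Microsoft's published workaround.
$zonesRoot  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$urlActions = @{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
}
$disallow    = 3   # URL policy value meaning "disable"
$previewGuid = '{8895b1c6-b41f-4c1c-a562-0d564250836f}'   # preview handler ShellEx key

function Test-ActiveXInstallDisabled {
    # Workaround 1: both URL actions must be set to "disable" in zones 0-3.
    foreach ($zone in 0..3) {
        $key = Join-Path $zonesRoot $zone
        foreach ($action in $urlActions.Keys) {
            $value = (Get-ItemProperty -Path $key -Name $action -ErrorAction SilentlyContinue).$action
            [pscustomobject]@{
                Check     = "Zone $zone, action $action ($($urlActions[$action]))"
                Compliant = ($value -eq $disallow)
                Found     = if ($null -eq $value) { 'not set' } else { $value }
            }
        }
    }
}

function Test-PreviewDisabled {
    # Workaround 2: no preview handler registered for Word and RTF documents.
    # A missing key or an empty default value both count as disabled.
    foreach ($ext in '.docx', '.doc', '.docm', '.rtf') {
        $key     = "Registry::HKEY_CLASSES_ROOT\$ext\ShellEx\$previewGuid"
        $handler = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{
            Check     = "Preview handler for $ext"
            Compliant = [string]::IsNullOrEmpty($handler)
            Found     = if ([string]::IsNullOrEmpty($handler)) { 'none' } else { $handler }
        }
    }
}

$results = @(Test-ActiveXInstallDisabled) + @(Test-PreviewDisabled)
$results | Format-Table -AutoSize

# Non-zero exit code lets a management tool flag hosts missing either workaround.
if ($results.Compliant -contains $false) { exit 1 }
```

A host that has the September 2021 patch installed does not need the workarounds, so a non-compliant result here only matters on unpatched systems.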

Learn more about Arctic Wolf's Managed Risk solution or request a demo today.