On September 7, 2021, some threat-intel researchers were made aware of a new threat against Windows operating systems and Microsoft Office products. Tracked as CVE-2021-40444, the flaw is in the MSHTML engine (the main HTML component of the Internet Explorer browser), which is vulnerable to arbitrary code execution through a specially crafted Microsoft Office document or rich text format file.
| CVE ID | CVSS Score V3 | CVSS Criticality | Type | Description |
|---|---|---|---|---|
| CVE-2021-40444 | 7.8 | High | Remote Code Execution | Microsoft MSHTML Remote Code Execution Vulnerability |
Analysis
CVE-2021-40444
The exploitation of CVE-2021-40444 requires a user to manually open a malicious Office document to initiate the execution of malicious code on a vulnerable Windows host.
On September 14, 2021, Microsoft released a patch advisory for a remote code execution (RCE) vulnerability, tracked as CVE-2021-40444, that affects all versions of Microsoft Windows. To exploit this vulnerability, threat actors can craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine.
Solutions and Recommendations
Patch information for each affected version of Microsoft Windows can be found in Microsoft’s Patch Advisory.
If you are unable to apply the patch to Windows systems, Arctic Wolf recommends exploring the workarounds provided by Microsoft, which include:
- Disabling the installation of all ActiveX controls in Internet Explorer
- Disabling previewing of documents in Windows Explorer