Support Center

iStock

Contact Info

Phone Support
Support Email

Submit a Support Request

Security Advisor

Microsoft MSHTML Remote Code Execution Vulnerability

CVE-2021-40444

Reference:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

Summary

Multiple Cybersecurity intelligence have issued bulletin regarding growing number of actively exploiting a vulnerability in MSHTML that affects Microsoft Windows.

Technical Details:

An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document versions Office 365 and Office 2019 that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document to exploit and take control of system to deploy other malware or ransomware.

Mitigations

  1. Users should be only opening Microsoft Documents in protected view if it comes from Internet or untrusted source to make sure it is legit.
  2. Do not open Microsoft Documents that is not expected or ZIP files that contain Microsoft Documents that is from an untrusted source