September 21, 2023

Microsoft said it has identified a limited number of attacks targeting a remote code execution vulnerability in MSHTML that affects Microsoft Windows tracked as CVE-2021-40444.

An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine.The attacker would then have to convince the user to open the malicious document.

The Microsoft release notes that their Defender Antivirus and Defender for Endpoint protect against the vulnerability. The detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender alert will show up as “Suspicious Cpl File Execution.”

Once investigation is finished, Microsoft will send out a security update in a Patch Tuesday release or in a separate out-of-cycle security update. Once after updation opening documents from the internet in Protected View or Application Guard for Office by default, both of which prevent the current attack.

Microsoft suggested disabling the installation of all ActiveX controls in Internet Explorer as a work around.

Tags:

2 thoughts on “ActiveX Control RCE

  1. Pingback: Patch Tuesday September 2021 – TheCyberThrone
  2. Pingback: Ryuk exploits MSHTML Bug – TheCyberThrone

Leave a Reply

You may have missed

Snatch ransomware Dissection

September 21, 2023

Fortinet Fixes Vulnerabilities in FortiOS

September 20, 2023

Trend Micro Endpoint Vulnerability – CVE-2023-41179

September 20, 2023

GitLab Addresses Critical Vulnerability -CVE-2023-4998

September 20, 2023

Crowdstrike New Offerings and Bionic.ai Acquisition

September 20, 2023

Microsoft AI exposed terabytes of data accidentally

September 19, 2023
%d bloggers like this: