April 19, 2024

Microsoft said it has identified a limited number of attacks targeting a remote code execution vulnerability in MSHTML that affects Microsoft Windows, tracked as CVE-2021-40444.

An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document.

Microsoft's release notes that Defender Antivirus and Defender for Endpoint protect against the vulnerability. Customers should run detection build 1.349.22.0 or newer and deploy it across their environments. The Microsoft Defender alert will show up as “Suspicious Cpl File Execution.”

Once the investigation is finished, Microsoft will send out a security update in a Patch Tuesday release or in a separate out-of-cycle security update. By default, Office opens documents from the internet in Protected View or Application Guard for Office, both of which prevent the current attack.

Microsoft suggested disabling the installation of all ActiveX controls in Internet Explorer as a workaround.
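
One way to audit that workaround from exported registry data, as an added example that is not from the original article or from Microsoft. It assumes the workaround is applied as Internet Explorer URL-action policy values 1001 and 1004 (download signed/unsigned ActiveX controls) set to 3 (Disable) for zones 0 to 3 under the Policies key, details the article does not state; the `.reg` text is constructed.

```python
import re

# Assumptions (not from the article): the workaround is audited as IE URL-action
# policy values under ...\Internet Settings\Zones\<n>, where 1001/1004 are the
# "download signed/unsigned ActiveX controls" actions and 3 means Disable.
ACTIONS = ("1001", "1004")
ZONES = ("0", "1", "2", "3")
DISABLE = 3

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<data>[0-9a-fA-F]{8})\s*$')
ZONE_RE = re.compile(r"\\Policies\\Microsoft\\Windows\\CurrentVersion"
                     r"\\Internet Settings\\Zones\\(\d+)$", re.IGNORECASE)

def parse_reg(text):
    """Return {zone: {value_name: int}} for the policy zone keys in a .reg export."""
    zones, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            z = ZONE_RE.search(m.group("key"))
            current = zones.setdefault(z.group(1), {}) if z else None
            continue
        v = VAL_RE.match(line)
        if v and current is not None:
            current[v.group("name")] = int(v.group("data"), 16)
    return zones

def audit(text):
    """List (zone, action, found) for every setting that is missing or not Disable."""
    zones = parse_reg(text)
    return [(z, a, zones.get(z, {}).get(a))
            for z in ZONES for a in ACTIONS
            if zones.get(z, {}).get(a) != DISABLE]

# Constructed sample export: zones 1 and 2 are absent, zone 3 has 1004 set to 1.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1001"=dword:00000003
"1004"=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000003
"1004"=dword:00000001
'''

if __name__ == "__main__":
    for zone, action, found in audit(SAMPLE):
        print(f"zone {zone}: action {action} is {found!r}, expected {DISABLE}")
```

An empty list from `audit` means every zone has both actions disabled; a `None` in the third field means the value was not present in the export at all.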
