March 21, 2023

Microsoft said it has identified a limited number of attacks targeting a remote code execution vulnerability in MSHTML that affects Microsoft Windows tracked as CVE-2021-40444.

An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine.The attacker would then have to convince the user to open the malicious document.

The Microsoft release notes that their Defender Antivirus and Defender for Endpoint protect against the vulnerability. The detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender alert will show up as “Suspicious Cpl File Execution.”

Once investigation is finished, Microsoft will send out a security update in a Patch Tuesday release or in a separate out-of-cycle security update. Once after updation opening documents from the internet in Protected View or Application Guard for Office by default, both of which prevent the current attack.

Microsoft suggested disabling the installation of all ActiveX controls in Internet Explorer as a work around.

Tags:

2 thoughts on “ActiveX Control RCE

  1. Pingback: Patch Tuesday September 2021 – TheCyberThrone
  2. Pingback: Ryuk exploits MSHTML Bug – TheCyberThrone

Leave a Reply

You may have missed

Ferrari – Cyber Attack Ransom Demanded

Ferrari – Cyber Attack Ransom Demanded

March 21, 2023
ForgeRock new Passwordless Service

ForgeRock new Passwordless Service

March 20, 2023
New Decryptor for Conti Ransomware Released

New Decryptor for Conti Ransomware Released

March 20, 2023
Royal Dirkzwager hit by Play Ransomware

Royal Dirkzwager hit by Play Ransomware

March 20, 2023
Trigona Ransomware Disection

Trigona Ransomware Disection

March 19, 2023
Makop Ransomware Disection

Makop Ransomware Disection

March 19, 2023
%d bloggers like this: