September 21, 2023

Microsoft said it has identified a limited number of attacks targeting a remote code execution vulnerability in MSHTML that affects Microsoft Windows, tracked as CVE-2021-40444.

An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document.

The Microsoft release notes that Defender Antivirus and Defender for Endpoint protect against the vulnerability. Customers should select detection build 1.349.22.0 or newer and deploy it across their environments. The Microsoft Defender alert will show up as “Suspicious Cpl File Execution.”

Once the investigation is finished, Microsoft will send out a security update in a Patch Tuesday release or in a separate out-of-cycle security update. By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office, both of which prevent the current attack.

Microsoft suggested disabling the installation of all ActiveX controls in Internet Explorer as a workaround.
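
A read-only check for the workaround above, as an added example that is not from the original article or from Microsoft. It assumes the workaround is applied as Internet Explorer zone policy values 1001 and 1004 set to 3 (disabled) for zones 0 through 3 under the HKLM policy key shown; the function name `Test-ActiveXInstallDisabled` is hypothetical.

```powershell
# Added example: audits, without changing anything, whether ActiveX
# installation is disabled by policy in each Internet Explorer zone.
# Assumption: the workaround is expressed as URL action values
# 1001 (download signed ActiveX controls) and 1004 (download unsigned
# ActiveX controls) set to 3 (disable) for zones 0-3.

function Test-ActiveXInstallDisabled {
    [CmdletBinding()]
    param(
        [string]$BasePath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    )

    $zoneNames = @{ 0 = 'Local Machine'; 1 = 'Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet' }
    $actions   = @{ '1001' = 'Download signed ActiveX controls'
                    '1004' = 'Download unsigned ActiveX controls' }

    foreach ($zone in 0..3) {
        $key = Join-Path $BasePath "$zone"
        # A missing key means no policy is configured for this zone.
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

        foreach ($id in ($actions.Keys | Sort-Object)) {
            $value = $null
            if ($props -and $props.PSObject.Properties[$id]) {
                $value = $props.$id
            }
            $shown = 'not set'
            if ($null -ne $value) { $shown = $value }

            [pscustomobject]@{
                Zone      = "$zone ($($zoneNames[$zone]))"
                Action    = "$id ($($actions[$id]))"
                Value     = $shown
                Compliant = ($value -eq 3)   # 3 = disable
            }
        }
    }
}

$report = Test-ActiveXInstallDisabled
$report | Format-Table -AutoSize
if ($report.Compliant -contains $false) {
    Write-Warning 'ActiveX installation is not disabled in every zone.'
}
```

A value of "not set" means the zone falls back to its default behaviour, so it is reported as non-compliant.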
