09/09/2021

Microsoft vulnerability - Remote Code Execution (CVE-2021-40444) 

Update from our previous post – Active exploitation of Microsoft vulnerability

Summary 

Microsoft is investigating reports of a remote code execution vulnerability in MSHTML, the Internet Explorer rendering engine that Microsoft Office also uses to render web content embedded in documents, affecting Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability using specially crafted Microsoft Office documents.

User interaction is required to exploit this vulnerability: a user must first open a malicious document. Microsoft Office opens documents received from the Internet in Protected View or in Application Guard for Office, and either of these prevents CVE-2021-40444 from being exploited. However, a user who clicks the Enable Editing button leaves Protected View and disarms that protection. Note also that Protected View depends on the Mark of the Web: a document that arrives without it (for example, one extracted by an archive tool that does not propagate the mark) opens with editing enabled from the start.

Microsoft Defender Antivirus and Microsoft Defender for Endpoint both detect and block known exploitation of this vulnerability; in Defender for Endpoint this surfaces as the alert “Suspicious Cpl File Execution”. Customers who use automatic updates need take no further action. Enterprise customers who manage updates themselves should select security intelligence (detection) build 1.349.22.0 or newer and deploy it across their environments as soon as possible.
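The following PowerShell is an added example for checking that baseline on a host; it is not part of the Jisc/emPSN advisory or Microsoft's guidance. It assumes Microsoft Defender Antivirus is installed (Get-MpComputerStatus ships with the built-in Defender module) and is run from an elevated prompt; the function name Test-DefenderCve202140444Coverage is our own.

```powershell
# Added example (not from the advisory): report whether a host's Defender security
# intelligence build meets the 1.349.22.0 baseline that detects CVE-2021-40444
# exploitation, plus the other things an operator wants to know at the same time.
# Assumes Microsoft Defender Antivirus is installed; run as an administrator.

function Test-DefenderCve202140444Coverage {
    [CmdletBinding()]
    param(
        # Minimum security intelligence build named in Microsoft's advisory
        [version]$MinimumSignatureVersion = '1.349.22.0'
    )

    $status    = Get-MpComputerStatus
    $installed = [version]$status.AntivirusSignatureVersion
    $ageHours  = (New-TimeSpan -Start $status.AntivirusSignatureLastUpdated -End (Get-Date)).TotalHours

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        SignatureVersion   = $installed
        MeetsBaseline      = ($installed -ge $MinimumSignatureVersion)
        SignatureAgeHours  = [math]::Round($ageHours, 1)
        RealTimeProtection = $status.RealTimeProtectionEnabled
        EngineVersion      = $status.AMEngineVersion
    }
}

# Usage: flag a host that still needs a signature update or has real-time protection off
$result = Test-DefenderCve202140444Coverage
if (-not $result.MeetsBaseline -or -not $result.RealTimeProtection) {
    Write-Warning "$($result.ComputerName): signature $($result.SignatureVersion) is below baseline or real-time protection is off; run Update-MpSignature and re-check"
}
$result
```

Run it through your management tooling (Invoke-Command, Intune or a configuration-management job) against every client rather than one machine at a time; the object output is deliberately structured so the results can be exported and sorted on MeetsBaseline.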

Jisc is not able to carry out Janet-wide scans for this vulnerability, as it is client-side (exploitation requires a user to open a document) rather than an exposed network service that a remote scan could identify.

Vulnerable versions: 

  • Microsoft Windows 10 (1607 through 21H1) 
  • Microsoft Windows 8.1 
  • Microsoft Windows 7 
  • Windows Server (2008 R2 through 2022) 
  • Windows Server (2004 and 20H2) 

Recommendation(s): 

  • Ensure a modern anti-malware solution is deployed to all client devices. 
  • Ensure anti-malware policies are applied consistently across all client devices. 
  • Ensure anti-malware solutions (Engines and Definitions) are kept up to date in line with vendor release cycles. 
  • Ensure a security solution is in place at the corporate mail gateway level, preferably one with sandbox capabilities. 
  • Raise user awareness of modern cyberthreats, reminding users never to open documents from untrusted sources and to be wary of clicking Enable Editing.
  • Consider disabling the installation of ActiveX controls in Internet Explorer using the registry workaround provided by the Microsoft Security Response Center (MSRC) at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444. The workaround is applied machine-wide, requires a restart to take effect, and should be tested before broad deployment.
  • Monitor the above MSRC page for updates from Microsoft on this evolving issue 
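The following PowerShell is an added example of applying and verifying the MSRC ActiveX workaround on a single host; it is not code from the advisory or from Microsoft. It writes the same policy values that Microsoft's published .reg file sets (values 1001 and 1004, i.e. download signed and unsigned ActiveX controls, set to 3 = Disable for zones 0 to 3) and reads them back. It assumes an elevated prompt; the function names Set-ActiveXDownloadDisabled and Test-ActiveXDownloadDisabled are our own.

```powershell
# Added example (not from the advisory): apply the MSRC workaround that disables
# ActiveX control installation in Internet Explorer for all zones, then verify it.
# Values 1001 (download signed ActiveX controls) and 1004 (download unsigned ActiveX
# controls) are set to 3 (Disable) under the machine-wide Zones policy key, which is
# what Microsoft's published .reg file does. Run as an administrator; a restart is
# required before the change takes effect.

$ZonesPolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ActiveXValues   = @('1001', '1004')   # signed / unsigned ActiveX download actions
$DisableValue    = 3                   # 0 = Enable, 1 = Prompt, 3 = Disable

function Set-ActiveXDownloadDisabled {
    # Zones: 0 Local Machine, 1 Local Intranet, 2 Trusted Sites, 3 Internet
    foreach ($zone in 0..3) {
        $zonePath = Join-Path $ZonesPolicyPath $zone
        if (-not (Test-Path $zonePath)) {
            New-Item -Path $zonePath -Force | Out-Null
        }
        foreach ($name in $ActiveXValues) {
            New-ItemProperty -Path $zonePath -Name $name -PropertyType DWord `
                -Value $DisableValue -Force | Out-Null
        }
    }
}

function Test-ActiveXDownloadDisabled {
    # Returns one row per zone/value so a missing or wrong setting is easy to spot
    foreach ($zone in 0..3) {
        $zonePath = Join-Path $ZonesPolicyPath $zone
        foreach ($name in $ActiveXValues) {
            $current = (Get-ItemProperty -Path $zonePath -Name $name -ErrorAction SilentlyContinue).$name
            [pscustomobject]@{
                Zone      = $zone
                Value     = $name
                Current   = $current
                Compliant = ($current -eq $DisableValue)
            }
        }
    }
}

Set-ActiveXDownloadDisabled
$report = Test-ActiveXDownloadDisabled
$report | Format-Table -AutoSize
if ($report.Compliant -contains $false) {
    Write-Warning 'ActiveX download policy is not fully applied; check the rows marked non-compliant'
} else {
    Write-Output 'ActiveX download disabled for zones 0-3; restart the host for the policy to take effect'
}
```

Because the keys live under HKLM\SOFTWARE\Policies, they override per-user zone settings and are the same keys Group Policy would write, so deploying this via a GPO preference or a configuration-management tool is equivalent. To roll back, delete the eight values (or the four zone keys) that the script created.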
