Microsoft warned on Tuesday of a zero-day vulnerability in MSHTML (CVE-2021-40444) that is known to be exploited in the wild by malicious actors in targeted attacks. Specifically, the vulnerability affects MSHTML when it is hosted in Microsoft Office documents.
Introduced with Microsoft Internet Explorer, MSHTML is the main HTML component of Internet Explorer and is also used by Microsoft Office applications to render HTML content.
According to Microsoft, attackers could create a malicious ActiveX control to be executed in MSHTML hosted by a Microsoft Office document. To conduct a successful attack, adversaries would also have to convince the targeted users to open the malicious documents via social engineering techniques such as phishing.
As a result of a successful attack, adversaries could gain the same level of privileges as the targeted user. In this respect, Microsoft warns that, if an attack occurs, users operating with administrative rights would be affected more seriously than users running accounts with limited rights.
Note that attacks exploiting the MSHTML vulnerability can be thwarted if users do not change the default unprivileged run configuration for ActiveX controls when opening a maliciously crafted Microsoft Office document. Additionally, Microsoft notes that both Microsoft Defender Antivirus and Microsoft Defender for Endpoint can provide detections and protections for this vulnerability.
Successful exploitation of the CVE-2021-40444 vulnerability could allow a remote attacker to gain full control of the system and run arbitrary code with SYSTEM privileges. After gaining elevated privileges, attackers can install arbitrary programs and can view, change or delete data on the system without authorization.
Category: Remote Code Execution (RCE)
CVSS 3.1 Base Score: 8.8 High
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Currently, there is no available patch to remediate the CVE-2021-40444 vulnerability. However, Microsoft is expected to issue a patch with this month’s Patch Tuesday updates.
Microsoft states that both Microsoft Defender Antivirus and Microsoft Defender for Endpoint can provide detection and protection for this vulnerability. Users are therefore advised to keep their anti-malware products up to date.
Also, as a mitigation, users should disable ActiveX controls in Internet Explorer, as suggested by Microsoft.
"Social engineering is using deception, manipulation and influence to convince a human who has access to a computer system to do something, like click on an attachment in an e-mail." - Kevin Mitnick