===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2021.0177.2
           Microsoft MSHTML Remote Code Execution Vulnerability
                             15 September 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              MSHTML
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2021-40444

Revision History:     September 15 2021: Microsoft has released security
                                         updates to address this vulnerability
                      September  8 2021: Initial Release

OVERVIEW

        Microsoft has released an advisory detailing a remote code execution
        vulnerability in Windows that is currently being exploited in the
        wild. CVE-2021-40444 has been assigned to this vulnerability. [1]


IMPACT

        Microsoft has stated the following:

        "Microsoft is investigating reports of a remote code execution
        vulnerability in MSHTML that affects Microsoft Windows. Microsoft is
        aware of targeted attacks that attempt to exploit this vulnerability
        by using specially-crafted Microsoft Office documents.

        An attacker could craft a malicious ActiveX control to be used by a
        Microsoft Office document that hosts the browser rendering engine.
        The attacker would then have to convince the user to open the
        malicious document. Users whose accounts are configured to have fewer
        user rights on the system could be less impacted than users who
        operate with administrative user rights."

        --------------------UPDATE 14/09/2021--------------------

        Microsoft has released security updates to address this
        vulnerability. [1]


MITIGATION

        Microsoft advises that, by default, Microsoft Office opens documents
        from the internet in Protected View or Application Guard for Office,
        both of which prevent the current attack. [1]

        Microsoft also advises that disabling the installation of all ActiveX
        controls in Internet Explorer mitigates this attack. [1]

        Microsoft Defender Antivirus and Microsoft Defender for Endpoint both
        provide detection and protections for the known vulnerability. [1]

        --------------------UPDATE 14/09/2021--------------------

        Microsoft has released security updates to address this
        vulnerability. [1]


REFERENCES

        [1] Microsoft MSHTML Remote Code Execution Vulnerability
            https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================