Microsoft is warning of a zero-day vulnerability cve-2021-40444

Microsoft is warning of a zero-day vulnerability (CVE-2021-40444) in Internet Explorer that is actively exploited by threat actors to hijack vulnerable Windows systems. Microsoft did not share info about the attacks either the nature of the threat actors. The vulnerability was exploited by threat actors in malspam attacks spreading weapon zed Office docs. 

The remote code execution vulnerability in MSHTML affects Microsoft Windows, the issue received a CVSS score of 8.8. MSHTML is the main HTML component of the Windows Internet Explorer browser, it is also used in other applications. The vulnerability was reported by Mandiant researchers Bryce Abdo, Dhanesh Kizhakkinan and Genwei Jiang, and Haifei Li from EXPMON. EXPMON researchers defined the attack exploiting the CVE-2021-40444 flaw as a highly sophisticated zero-day exploit attack against Microsoft Office users.

Mitigation published by Microsoft:

Disabling the installation of all ActiveX controls in Internet Explorer mitigates this attack. This can be accomplished for all sites by updating the registry. Previously-installed ActiveX controls will continue to run, but do not expose this vulnerability.

Warning if you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To disable ActiveX controls on an individual system:

1. To disable installing ActiveX controls in Internet Explorer in all zones, paste the following into a text file and save it with the .reg file extension.

2. Double-click the .reg file to apply it to your Policy hive.

3. Reboot the system to ensure the new configuration is applied.

Share this

Related Posts

Next Post »