Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444)

Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML (the main HTML component of the Internet Explorer browser), to compromise Windows/Office users in “a limited number of targeted attacks,” Microsoft warned on Tuesday.

About CVE-2021-40444 and the attacks

CVE-2021-40444 is a set of logical flaws that can be leveraged by remote, unauthenticated attackers to execute code on the target system.

The current attacks were detected by Microsoft, Mandiant, and Expmon researchers. The latter say that they’ve reliably reproduced the attack on Windows 10:

We have reproduced the attack on the latest Office 2019 / Office 365 on Windows 10 (typical user environment), for all affected versions please read the Microsoft Security Advisory. The exploit uses logical flaws so the exploitation is perfectly reliable (& dangerous).

— EXPMON (@EXPMON_) September 7, 2021

The attackers are flinging specially crafted Microsoft Office documents at targets.

“An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts
