Microsoft warns of attacks exploiting recently patched Windows MSHTML CVE-2021-40444 bug

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Microsoft revealed that multiple threat actors are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444).

Microsoft warns of multiple threat actors, including ransomware operators, that are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444) in attacks against organizations.

The IT giant says that threat actors started targeting this issue on August 18, before Microsoft shared mitigation for a this vulnerability, threat actors used weaponized Office documents. The campaigns observed August 2021 likely employed emails impersonating contracts and legal agreements, the messages used documents that were hosted on file-sharing sites. 

“In August, Microsoft Threat Intelligence Center (MSTIC) identified a small number of attacks (less than 10) that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon loaders.” reads the post published by Microsoft. “These loaders communicated with an infrastructure that

Read the article