Attacker Value
Moderate
(3 users assessed)
Exploitability
Low
(3 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
7

CVE-2021-40444

Disclosure Date: September 15, 2021
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Microsoft MSHTML Remote Code Execution Vulnerability

Add Assessment

3
Ratings
Technical Analysis
  • Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack )
  • Requires social engineering to be exploited
  • Workaround easy to deploy
3
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Low
Technical Analysis

Sounds from Microsoft’s out-of-band advisory like this is seeing limited, targeted attacks and folks are only vulnerable in non-default configurations (i.e., “by default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack”). All this plus user interaction required = another social engineering opportunity for attackers with specific targets, but probably not a big concern as far as widespread, automated exploitation goes. No patch yet, but sounds like the most out-of-the-box mitigation is just to use the default option of opening docs in a protected manner.

1
Ratings
Technical Analysis

Microsoft MSHTML Remote Code Execution Vulnerability
Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.

A threat actor could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

General Information

Vendors

  • Microsoft

Products

  • Windows,
  • Windows Server,
  • Windows 10 Version 1909 for 32-bit Systems,
  • Windows 10 Version 1909 for x64-based Systems,
  • Windows 10 Version 1909 for ARM64-based Systems,
  • Windows 10 Version 21H1 for x64-based Systems,
  • Windows 10 Version 21H1 for ARM64-based Systems,
  • Windows 10 Version 21H1 for 32-bit Systems,
  • Windows Server 2022,
  • Windows Server 2022 (Server Core installation),
  • Windows 10 Version 2004 for 32-bit Systems,
  • Windows 10 Version 2004 for ARM64-based Systems,
  • Windows 10 Version 2004 for x64-based Systems,
  • Windows Server, version 2004 (Server Core installation),
  • Windows 10 Version 20H2 for x64-based Systems,
  • Windows 10 Version 20H2 for 32-bit Systems,
  • Windows 10 Version 20H2 for ARM64-based Systems,
  • Windows Server, version 20H2 (Server Core Installation)

Exploited in the Wild

Reported by:

Additional Info

Technical Analysis