Windows MSHTML attack still unpatched

A bug, CVE-2021-40444, was disclosed on the 7th of September and, 6 days later, remains unpatched. There is even a public proof of concept available online to exploit it!

What is the problem?

But bugs are nothing new, so what is so dangerous about this one? Well, that is the scary part. A crafted Microsoft Office document could be used to execute code on your machine to install malware or a backdoor. The exploit takes advantage of a legacy feature inside Word that we believe can also be used to exploit Outlook on the web and on the desktop.

Where other attacks require you to allow macros or somehow “accept” the bad thing happening, this bug will execute the attacker's code as soon as you open the Word document. This may even be possible to exploit if you just use the preview functionality of Office. So one click on an innocent-looking Word document and bam, infected.

How do I protect myself?

The only protection for now? Enforcing “Protected View” on all Word documents and even disabling the preview pane until an official patch comes out.

You can also avoid opening documents you weren’t expecting. Don’t be tempted to look at content just because an email or a document happens to align with your interests, your line of work, or your current research. If you weren’t expecting it, don’t open it.

Don’t be tempted to break out of Office Protected View. If you see a yellow bar at the top of the page, warning you that potentially dangerous parts of the document were not activated, do not click the [Enable Content] button, especially if the text of the document itself “advises” you to!

Finally, Microsoft advises that you can disable ActiveX controls that use the MSHTML web renderer. While we have already done this for our clients, it is not sufficient to protect you.
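
To confirm that the ActiveX workaround is actually in place on a machine, the following added example (not part of the original post) reads the policy values that Microsoft's published workaround for this CVE sets: URL actions 1001 and 1004 set to 3 (Disable) in zones 0 to 3. The registry path and values come from that advisory, not from this page, so check them against the current guidance before relying on the result.

```powershell
# Added example: audit the MSHTML ActiveX workaround for CVE-2021-40444.
# Registry path and values follow Microsoft's published workaround
# (URL actions 1001 and 1004 set to 3 = Disable, in zones 0-3).

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

$zones = [ordered]@{
    '0' = 'Local Machine'
    '1' = 'Intranet'
    '2' = 'Trusted Sites'
    '3' = 'Internet'
}
$actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
}
$disabled = 3

$results = foreach ($zone in $zones.Keys) {
    $key = Join-Path $base $zone
    foreach ($action in $actions.Keys) {
        # A missing key or value means the policy is not set for that zone
        $value = $null
        if (Test-Path -LiteralPath $key) {
            $value = (Get-ItemProperty -LiteralPath $key -Name $action -ErrorAction SilentlyContinue).$action
        }
        [pscustomobject]@{
            Zone      = "$zone ($($zones[$zone]))"
            Action    = "$action ($($actions[$action]))"
            Value     = if ($null -eq $value) { 'not set' } else { $value }
            Compliant = ($value -eq $disabled)
        }
    }
}

$results | Format-Table -AutoSize

$missing = @($results | Where-Object { -not $_.Compliant })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) of $($results.Count) settings do not block ActiveX installation."
    exit 1
}
Write-Output 'ActiveX installation is disabled in all four zones.'
```

A passing result only confirms that this one workaround is applied; as noted above, it does not replace Protected View or the preview pane restriction.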

Need security and patch management?

Stay on top of the latest threats and reach out to us below.
