Microsoft has warned of active exploits in the wild for an MSHTML RCE vulnerability (CVE-2021-40444).
Microsoft released workarounds for the threat when it first published the advisory on September 7, 2021.
“Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,” Microsoft stated in the advisory.
“An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document.”
The impact would be lower for users who are not logged in with an account that has administrative rights.
Microsoft has confirmed “exploitation detected” for the MSHTML remote code execution (RCE) vulnerability CVE-2021-40444 (CVSS score of 8.8). The company originally provided a workaround to mitigate this attack by disabling the installation of all ActiveX controls in Internet Explorer by updating the registry.
The issue affected multiple versions of Windows 10, Windows Server and older Windows operating systems.
Update (First published September 8, 2021, but updated September 15, 2021): As of September 14, Microsoft has provided security updates for all affected versions of Windows to address the vulnerability.