Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444)

  • September 8, 2021
  • 3 replies

Jasper_The_Rasper
Moderator

September 8, 2021 By Zeljka Zorz

Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML (the main HTML component of the Internet Explorer browser), to compromise Windows/Office users in “a limited number of targeted attacks,” Microsoft has warned on Tuesday.

About CVE-2021-40444 and the attacks

CVE-2021-40444 is a set of logical flaws that can be leveraged by remote, unauthenticated attackers to execute code on the target system.

The current attacks were detected by Microsoft, Mandiant, and Expmon researchers. The latter s

Full Article.

3 replies

  • New Member
  • 1 reply
  • September 8, 2021

OK, does WR block this?


TripleHelix
Moderator
  • Moderator
  • 9178 replies
  • September 8, 2021

@TylerM is best to answer this type of question!


TylerM
Administrator
  • Sr. Security Analyst & Community Manager
  • 1276 replies
  • September 8, 2021

@fshiery Webroot is not able to prevent this exploit, but we would be able to block and stop the malicious payloads that are dropped on a system breached by this, which are usually ransomware, botnets, or cryptominers. By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office, both of which prevent the current attack. This specific attack still relies on a user having ActiveX enabled, and on convincing the user to open the documents. It’s very similar to convincing users to “enable content” in their Office documents.

Our training modules for employees educate around documents that are malicious (macros), and modules for admins educate on limiting permissions that aren’t needed for the average user. This will insulate from the risks of most of the exploits that are revealed what seems like every day now.

The only way to fix this operating system exploit is through Microsoft, as bugs in their code are the source of the exploit. As long as you have your Windows OS set to perform updates automatically, it should patch this.

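As an added example (written for this page, not code from the thread or from Webroot), here is a read-only PowerShell audit of the three settings the reply above leans on: Office Protected View for internet-sourced files, the Internet Explorer security-zone actions that govern ActiveX download and execution (which MSHTML honours), and the Windows Update automatic-update policy. The registry paths, value names and the 0/1/3 meanings are the standard Office and Windows locations and are assumptions here rather than values taken from the page; the script reads and reports only and changes nothing.

```powershell
<#
  Added example, not part of the original thread.
  Assumes Office 2016+ (registry version 16.0) and the standard
  Internet Settings zone keys. Run as the user whose Office
  settings you want to inspect; HKLM policy keys are read-only here.
#>

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null
    }
}

function Test-ProtectedView {
    # Office opens files marked as internet-sourced in Protected View
    # unless one of these DWORDs is set to 1 for the application.
    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        $base     = "HKCU:\Software\Microsoft\Office\16.0\$app\Security\ProtectedView"
        $internet = Get-RegValue $base 'DisableInternetFilesInPV'
        $attach   = Get-RegValue $base 'DisableAttachementsInPV'   # Microsoft's own spelling
        $status   = if ($internet -eq 1 -or $attach -eq 1) { 'WEAKENED' } else { 'OK' }
        [pscustomobject]@{
            Check  = "$app Protected View"
            Status = $status
            Detail = "DisableInternetFilesInPV=$internet DisableAttachementsInPV=$attach (absent or 0 = enabled)"
        }
    }
}

function Test-ActiveXZonePolicy {
    # Zone actions: 1001 = download signed ActiveX controls,
    # 1004 = download unsigned ActiveX controls, 1200 = run ActiveX controls.
    # Values: 0 = enable, 1 = prompt, 3 = disable.
    # A value under HKLM\...\Policies overrides the per-user value, so both are read.
    $zones   = @{ 0 = 'Local Machine'; 1 = 'Intranet'; 2 = 'Trusted'; 3 = 'Internet' }
    $actions = @{ 1001 = 'Download signed ActiveX'; 1004 = 'Download unsigned ActiveX'; 1200 = 'Run ActiveX' }
    foreach ($z in ($zones.Keys | Sort-Object)) {
        foreach ($a in ($actions.Keys | Sort-Object)) {
            $policy = Get-RegValue "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$z" "$a"
            $user   = Get-RegValue "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$z" "$a"
            $effective = if ($null -ne $policy) { $policy } else { $user }
            $status = if ($effective -eq 3) { 'DISABLED' }
                      elseif ($null -eq $effective) { 'DEFAULT' }
                      else { 'ENABLED/PROMPT' }
            [pscustomobject]@{
                Check  = "Zone $z ($($zones[$z])): $($actions[$a])"
                Status = $status
                Detail = "policy=$policy user=$user"
            }
        }
    }
}

function Test-AutomaticUpdates {
    # NoAutoUpdate = 1 under the WindowsUpdate\AU policy key switches automatic updates off.
    $v = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' 'NoAutoUpdate'
    $status = if ($v -eq 1) { 'DISABLED' } else { 'OK' }
    [pscustomobject]@{
        Check  = 'Windows automatic updates'
        Status = $status
        Detail = "NoAutoUpdate=$v (absent or 0 = automatic)"
    }
}

# Collect all checks into one table; anything not OK/DISABLED/DEFAULT deserves a look.
@(Test-ProtectedView) + @(Test-ActiveXZonePolicy) + @(Test-AutomaticUpdates) |
    Format-Table -AutoSize -Wrap
```

A `DEFAULT` result for a zone action means neither a policy nor a user value is present and the built-in zone default applies (for the Internet zone that is prompt for signed and disable for unsigned downloads); when a fleet-wide policy is pushed to set the ActiveX download actions to 3, this audit is one way to confirm the policy actually landed on a given machine.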