Security News > 2021 > September > Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444)
Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML, to compromise Windows/Office users in "a limited number of targeted attacks," Microsoft has warned on Tuesday.
CVE-2021-40444 is a set of logical flaws that can be leveraged by remote, unauthenticated attackers to execute code on the target system.
We have reproduced the attack on the latest Office 2019 / Office 365 on Windows 10, for all affected versions please read the Microsoft Security Advisory.
The attackers are flinging specially-crafted Microsoft Office documents at targets.
"An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document," Microsoft explained.
The company also noted that "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights," and that Microsoft Office opens documents from the internet in Protected View or Application Guard for Office by default, and that this prevents the current attacks.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/mFh1aZEXVhE/
Related news
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017 (source)
- New Windows zero-day exploited by 11 state hacking groups since 2017 (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-15 | CVE-2021-40444 | Path Traversal vulnerability in Microsoft products <p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. | 0.0 |