Microsoft patches actively exploited MSHTML zero-day RCE (CVE-2021-40444)
On September 2021 Patch Tuesday, Microsoft fixed 66 CVE-numbered vulnerabilities in a wide variety of its solutions.
Of these, the most crucial to address is CVE-2021-40444, the remote code execution MSHTML vulnerability actively exploited by attackers via malicious MS Office documents.
"Several people have not only crafted functional proof-of-concept exploits, but a few have created and published 'builder' tools that anyone can use to weaponize an Office document. The original version of the exploit used Microsoft Word .docx documents, but we've already spotted some versions that use .rtf file extensions."
Dustin Childs, with Trend Micro's Zero Day Initiative, singled out CVE-2021-36965 and CVE-2021-38647 as worthy of note.
CVE-2021-36965 is an RCE in the Windows WLAN AutoConfig Service that could be exploited by network-adjacent attackers.
There is also CVE-2021-36968, a Windows DNS Elevation of Privilege vulnerability that is publicly known, though not actively exploited.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/j02rIori0KA/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-15 | CVE-2021-40444 | Path Traversal vulnerability in Microsoft products. Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. | 0.0 |
2021-09-15 | CVE-2021-38647 | Improper Authentication vulnerability in Microsoft products: Open Management Infrastructure Remote Code Execution Vulnerability | 0.0 |
2021-09-15 | CVE-2021-36968 | Improper Privilege Management vulnerability in Microsoft Windows 7 and Windows Server 2008: Windows DNS Elevation of Privilege Vulnerability | 0.0 |
2021-09-15 | CVE-2021-36965 | Unspecified vulnerability in Microsoft products: Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | 0.0 |