Security News > 2021 > September > Microsoft patches actively exploited MSHTML zero-day RCE (CVE-2021-40444)
On September 2021 Patch Tuesday, Microsoft has fixed 66 CVE-numbered vulnerabilities in a wide variety of its solutions.
Of these, the most crucial to address is CVE-2021-40444, the remote code execution MSHTML vulnerability actively exploited by attackers via malicious MS Office documents.
"Several people have not only crafted functional proof-of-concept exploits, but a few have created and published 'builder' tools that anyone can use to weaponize an Office document. The original version of the exploit used Microsoft Word.docx documents, but we've already spotted some versions that use.rtf file extensions."
Dustin Childs, with Trend Micro's Zero Day Initiative, singled out CVE-2021-36965 and CVE-2021-38647 as worthy of note.
CVE-2021-36965 is an RCE in the Windows WLAN AutoConfig Service that could be exploited by network-adjacent attackers.
There is also CVE-2021-36968, a Windows DNS Elevation of Privilege vulnerability that is publicly known, though not actively exploited.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/j02rIori0KA/
Related news
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Microsoft SharePoint RCE bug exploited to breach corporate network (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-15 | CVE-2021-40444 | Path Traversal vulnerability in Microsoft products <p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. | 8.8 |
| 2021-09-15 | CVE-2021-38647 | Improper Authentication vulnerability in Microsoft products Open Management Infrastructure Remote Code Execution Vulnerability | 9.8 |
| 2021-09-15 | CVE-2021-36968 | Improper Privilege Management vulnerability in Microsoft Windows 7 and Windows Server 2008 Windows DNS Elevation of Privilege Vulnerability | 7.8 |
| 2021-09-15 | CVE-2021-36965 | Unspecified vulnerability in Microsoft products Windows WLAN AutoConfig Service Remote Code Execution Vulnerability low complexity microsoft | 8.8 |