Security News > 2021 > September > Microsoft patches actively exploited MSHTML zero-day RCE (CVE-2021-40444)
On September 2021 Patch Tuesday, Microsoft has fixed 66 CVE-numbered vulnerabilities in a wide variety of its solutions.
Of these, the most crucial to address is CVE-2021-40444, the remote code execution MSHTML vulnerability actively exploited by attackers via malicious MS Office documents.
"Several people have not only crafted functional proof-of-concept exploits, but a few have created and published 'builder' tools that anyone can use to weaponize an Office document. The original version of the exploit used Microsoft Word.docx documents, but we've already spotted some versions that use.rtf file extensions."
Dustin Childs, with Trend Micro's Zero Day Initiative, singled out CVE-2021-36965 and CVE-2021-38647 as worthy of note.
CVE-2021-36965 is an RCE in the Windows WLAN AutoConfig Service that could be exploited by network-adjacent attackers.
There is also CVE-2021-36968, a Windows DNS Elevation of Privilege vulnerability that is publicly known, though not actively exploited.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/j02rIori0KA/
Related news
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- CentreStack RCE exploited as zero-day to breach file sharing servers (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-15 | CVE-2021-40444 | Path Traversal vulnerability in Microsoft products <p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. | 0.0 |
| 2021-09-15 | CVE-2021-38647 | Unspecified vulnerability in Microsoft products Open Management Infrastructure Remote Code Execution Vulnerability | 0.0 |
| 2021-09-15 | CVE-2021-36968 | Improper Privilege Management vulnerability in Microsoft Windows 7 and Windows Server 2008 Windows DNS Elevation of Privilege Vulnerability | 0.0 |
| 2021-09-15 | CVE-2021-36965 | Unspecified vulnerability in Microsoft products Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | 0.0 |