Security News > 2021 > December > New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML Flaw
A short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware.
"The attachments represent an escalation of the attacker's abuse of the CVE-2021-40444 bug and demonstrate that even a patch can't always mitigate the actions of a motivated and sufficiently skilled attacker," SophosLabs researchers Andrew Brandt and Stephen Ormandy said in a new report published Tuesday.
CVE-2021-40444 relates to a remote code execution flaw in MSHTML that could be exploited using specially crafted Microsoft Office documents.
Although Microsoft addressed the security weakness as part of its September 2021 Patch Tuesday updates, it has been put to use in multiple attacks ever since details pertaining to the flaw became public.
The new campaign discovered by Sophos aims to get around the patch's protection by morphing a publicly available proof-of-concept Office exploit and weaponizing it to distribute Formbook malware.
"In the initial versions of CVE-2021-40444 exploits, [the] malicious Office document retrieved a malware payload packaged into a Microsoft Cabinet file," the researchers explained.
News URL
https://thehackernews.com/2021/12/new-exploit-lets-malware-attackers.html
Related news
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites (source)
- Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs (source)
- Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
- Exploit released for Fortinet RCE bug used in attacks, patch now (source)
- Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) (source)
- April 2024 Patch Tuesday forecast: New and old from Microsoft (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-15 | CVE-2021-40444 | Path Traversal vulnerability in Microsoft products <p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. | 8.8 |