High Threat Security Alert (A21-09-04): Vulnerability in Microsoft Windows

Description:

Microsoft released a security update advisory about a remote code execution vulnerability in MSHTML that affects Microsoft Windows. An attacker could use a specially crafted Microsoft Office document to exploit the vulnerability.

Reports indicate that a remote code execution vulnerability (CVE-2021-40444) in Microsoft Windows is being exploited in the wild. Patches are yet to be available but Microsoft has provided a workaround to mitigate the risk. System administrators are advised to observe the advisory and immediately apply the recommended options to mitigate the elevated risk of cyber attacks.

Affected Systems:

• Microsoft Windows 7, 8.1, RT 8.1, 10
• Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022
• Microsoft Windows Server, version 2004, version 20H2

Impact:

A successful exploitation could lead to remote code execution on an affected system.

Recommendation:

On 8 September 2021, patches for the affected products are not yet available. By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office which prevents the current attack. System administrators and users should ensure the security features are enabled. In addition, Microsoft has provided the workaround that disables the installation of all ActiveX controls in Internet Explorer to mitigate the risk of exploitation. Details of the workaround could be found at the following URL:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

More Information:

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
• https://www.hkcert.org/security-bulletin/microsoft-windows-remote-code-execution-vulnerability_20210908
• https://us-cert.cisa.gov/ncas/current-activity/2021/09/07/microsoft-releases-mitigations-and-workarounds-cve-2021-40444
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444