Microsoft fixes Windows CVE-2021-40444 MSHTML zero-day bug

    Microsoft today fixed a high-severity zero-day vulnerability that was being actively exploited in targeted attacks against Microsoft Office and Office 365 on Windows 10 computers.

    The remote code execution (RCE) flaw, tracked as CVE-2021-40444, was found in MSHTML, the Internet Explorer browser rendering engine that Microsoft Office uses to render web content embedded in documents.

    According to Microsoft, CVE-2021-40444 affects Windows Server 2008 through 2019 and Windows 8.1 or later, and it has a CVSS severity score of 8.8 out of a maximum of 10.

    “Microsoft has released security updates to address this vulnerability,” the company said today in an advisory update published as part of this month’s Patch Tuesday.

    “Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately.”

    Security updates released after built-in defenses were bypassed

    The targeted attacks detected by Microsoft attempted to exploit the vulnerability by sending specially crafted Office documents containing malicious ActiveX controls to potential victims.

    Fortunately, these attacks were thwarted if Microsoft Office ran with its default configuration, which opens untrusted documents in Protected View mode (or in Application Guard for Office 365 customers).

    However, as CERT/CC vulnerability analyst Will Dormann later told BleepingComputer, this built-in protection against CVE-2021-40444 exploits would likely be bypassed either by users ignoring the Protected View warning or by attackers delivering the malicious documents bundled inside 7Zip archives or ISO containers. Protected View only engages when a file carries the Mark-of-the-Web (MotW), the Zone.Identifier stream that Windows attaches to files downloaded from the Internet; a document that reaches disk without that mark opens with full functionality.

    If the document is in a container that’s processed by something that’s not MotW-aware, then the fact that the container was downloaded from the Internet will be moot. For example, if 7Zip opens an archive that came from the Internet, the extracted contents will have no indication that they came from the Internet. So no MotW, no Protected View.

    Similarly, if the document is in a container like an ISO file, a Windows user can simply double-click on the ISO to open it. But Windows doesn’t treat the contents as having come from the Internet. So again, no MotW, no Protected View.

    This attack is more dangerous than macros because any organization that has chosen to disable or otherwise limit macro execution will still be open to arbitrary code execution simply as the result of opening an Office document. – Will Dormann

    Furthermore, Dormann also found that threat actors can exploit this vulnerability using maliciously crafted RTF files, which do not benefit from Office’s Protected View security feature at all.
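The MotW dependency Dormann describes can be checked directly on any extraction tool in use. The following PowerShell is an added example written for this page, not code from the article, from CERT/CC or from Microsoft. It assumes Windows PowerShell 5.1 or later running on an NTFS volume and, for the 7-Zip case, the default 7z.exe install path; the sample file it stamps and zips is constructed, not a real document.

```powershell
# Added example (not from the article or CERT/CC): read a file's Mark-of-the-Web
# (the NTFS "Zone.Identifier" alternate data stream that Protected View keys on)
# and check whether a chosen extraction tool propagates it to extracted files.
# Requires Windows PowerShell 5.1+ and an NTFS volume.

function Get-MotWZoneId {
    param([Parameter(Mandatory)][string]$Path)
    # No Zone.Identifier stream means no MotW, so Office will not use Protected View.
    $ads = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $ads) { return $null }
    foreach ($line in $ads) {
        if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

function Test-ExtractorPreservesMotW {
    # $Extract is a script block { param($Archive, $Destination) ... } that unpacks
    # $Archive into $Destination with whatever tool you want to evaluate.
    param([Parameter(Mandatory)][scriptblock]$Extract)

    $work = Join-Path $env:TEMP ('motw-' + [guid]::NewGuid())
    New-Item -ItemType Directory -Path $work | Out-Null
    try {
        # Constructed sample: a placeholder "document" stamped as if downloaded
        # (ZoneId 3 = Internet zone), then zipped. The zip gets the same stamp,
        # exactly as a browser would mark a downloaded archive.
        $doc = Join-Path $work 'sample.docx'
        Set-Content -LiteralPath $doc -Value 'constructed sample, not a real document'
        Set-Content -LiteralPath $doc -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=3"

        $archive = Join-Path $work 'sample.zip'
        Compress-Archive -LiteralPath $doc -DestinationPath $archive
        Set-Content -LiteralPath $archive -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=3"

        $dest = Join-Path $work 'extracted'
        & $Extract $archive $dest

        $extracted = Join-Path $dest 'sample.docx'
        if (-not (Test-Path -LiteralPath $extracted)) { throw "extraction produced no $extracted" }
        $zone = Get-MotWZoneId -Path $extracted
        [pscustomobject]@{
            ArchiveZoneId   = Get-MotWZoneId -Path $archive   # 3: the archive itself is marked
            ExtractedZoneId = $zone                            # $null means the mark was dropped
            MotWPreserved   = ($zone -eq 3)                    # $false: no Protected View for the document
        }
    }
    finally {
        Remove-Item -LiteralPath $work -Recurse -Force -ErrorAction SilentlyContinue
    }
}

# Built-in PowerShell extraction:
Test-ExtractorPreservesMotW -Extract { param($Archive, $Destination)
    Expand-Archive -LiteralPath $Archive -DestinationPath $Destination }

# 7-Zip, assuming the default install path (adjust if yours differs):
Test-ExtractorPreservesMotW -Extract { param($Archive, $Destination)
    & 'C:\Program Files\7-Zip\7z.exe' x $Archive "-o$Destination" -y | Out-Null }
```

A `MotWPreserved` of `$false` for a tool means that documents unpacked with it will open outside Protected View regardless of where the archive came from, which is the condition Dormann describes. The same `Get-MotWZoneId` check can be pointed at files copied out of a mounted ISO.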

    Word document opened in Protected View

    How to apply the security updates

    Today’s security updates address the vulnerability for all affected versions of Windows and include a Monthly Rollup, a Security Only update, and an Internet Explorer cumulative update.

    “Customers running Windows 8.1, Windows Server 2012 R2, or Windows Server 2012 can apply either the Monthly Rollup or both the Security Only and the IE Cumulative updates,” according to Microsoft.

    “The Monthly Rollup for Windows 7, Windows Server 2008 R2, and Windows Server 2008 includes the update for this vulnerability. Customers who apply the Monthly Rollup do not need to apply the IE Cumulative update.

    “Customers who only apply Security Only updates need to also apply the IE Cumulative update to be protected from this vulnerability.”

    BleepingComputer independently confirmed that known CVE-2021-40444 exploits no longer work after applying today’s patches.

    Those who cannot immediately apply today’s security updates should implement Microsoft’s workarounds (disabling ActiveX controls via Group Policy and disabling document preview in Windows Explorer) to reduce the attack surface until they can patch.
