[SANS ISC] Microsoft Offers Workaround for 0-Day Office Vulnerability (CVE-2021-40444), (Wed, Sep 8th)

Microsoft today published an advisory with a workaround to mitigate an unpatched vulnerability in Microsoft Office. This vulnerability is currently used in targeted attacks.

CVE-2021-40444 is a code execution vulnerability in MSHTML. The exploit would arrive as an Office document that includes a malicious ActiveX control. As a workaround, Microsoft recommends disabling ActiveX in Internet Explorer and the advisory includes the necessary registry changes. At this point, it should be pretty low impact to disable ActiveX, but of course, there may be individual enterprise applications that still use ActiveX. 

For more details, see Microsoft’s advisory here: 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444


Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: Read More (SANS Internet Storm Center, InfoCON: green)

You might be interested in …

[BleepingComputer] Email fatigue among users opens doors for cybercriminals

When it comes to email security, a one-and-done approach never works. Using this multi-layered approach, which includes URL filtering, can often block malicious domains and downloads of malware, preventing systems from being infected in the first place. […] Source: Read More (BleepingComputer)

Read More

[BleepingComputer] Ransomware victim shows why transparency in attacks matters

As devastating ransomware attacks continue to have far-reaching consequences, companies still try to hide the attacks rather than be transparent. Below we highlight a company’s response to an attack that should be used as a model for all future disclosures. […] Source: Read More (BleepingComputer)

Read More

[BleepingComputer] REvil is increasing ransoms for Kaseya ransomware attack victims

The REvil ransomware gang is increasing the ransom demands for victims encrypted during Friday’s Kaseya ransomware attack. […] Source: Read More (BleepingComputer)

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.