{"id":3157,"date":"2021-09-15T15:37:39","date_gmt":"2021-09-15T10:07:39","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=3157"},"modified":"2021-09-15T15:37:41","modified_gmt":"2021-09-15T10:07:41","slug":"microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/","title":{"rendered":"Microsoft Fixes Windows CVE-2021-40444 MSHTML Zero-day Flaw"},"content":{"rendered":"\n

Microsoft recently fixed a high asperity zero-day vulnerability actively exploited in targeted attacks against Microsoft Office 365 on Windows 10 computers. The remote code execution (RCE) security bug, tracked as CVE-2021-40444, was discovered in the MSHTML Internet Explorer browser interpreting engines utilized by Microsoft Office documents.<\/p><\/p>\n\n\n\n

According to Microsoft, CVE-2021-40444 affects Windows Server 2008 through 2019 and Windows 8.1 or later, and it has a severity level of 8.8 out of the maximum 10.<\/p><\/p>\n\n\n\n

Microsoft has released security updates to address such vulnerabilities, \u201cthe organization stated in a recent advisory release published as part of this month\u2019s patch Tuesday. \u201cPlease go through the Security Updates table for the applicable update for your system. We suggest that you install these updates immediately.\u201d<\/p><\/p>\n\n\n\n

What are the Security Updates Released After Built-in Defenses Bypassed?<\/strong><\/h2>\n\n\n\n

The targeted attacks analyzed by Microsoft tried to exploit the vulnerability by transmitting specially-crafted Office documents with malicious ActiveX controls to probable victims. Fortunately, these attacks were circumventing if Microsoft Office ran with the default configuration, which opens unauthorized documents in Protected View mode (or with Application Guard for Office 365 customers).<\/p><\/p>\n\n\n\n

However, as CERT\/CC vulnerability analyst Will Dormann later told our experts, this built-in protection against CVE-2021-40444 exploits would likely be prevented either by users ignoring Protected View alerting or by threat actors delivering the malicious documents bundled within 7Zip archives or ISO containers.<\/p><\/p>\n\n\n\n

If the document is in a container that is processed by something that is not MotW-aware, then the fact that the container was downloaded from the Internet will be moot. For example, if 7Zip opens an archive that came from the Internet, the extracted contents will not indicate that it came from the Internet. So no MotW, no Protected View.<\/p><\/p>\n\n\n\n

Similarly, if the document is in a container like an ISO file, a Windows user can simply double-click on the ISO to open it. But Windows doesn’t treat the contents as having come from the Internet. So again, No MotW, No Protected View.<\/p><\/p>\n\n\n\n

This attack is more dangerous than macros because any organization that has chosen to disable or otherwise limit Macro execution will still be open to arbitrary code execution simply as the result of opening an Office document. – Will Dormann<\/p><\/p>\n\n\n\n

Furthermore, Dormann also found that threat actors could exploit this vulnerability using maliciously crafted RTF files, which don’t benefit from Office’s Protected View security feature.    <\/p><\/p>\n\n\n\n

\"Microsoft-Fixes-Windows-CVE-2021-40444-MSHTML-Zero-day-Flaw-image1\"<\/figure><\/div>\n\n\n\n

How to Apply these Securities Updates?<\/strong><\/h2>\n\n\n\n

Recently Security Updates address the vulnerability for all the impacted versions of Windows and include a Monthly Rollup, a Security Only update, and an Internet Explorer cumulative update. \u201cCustomers running Windows 8.1, Windows Servers 2012 R2, or Windows Server 2012 can apply either the Monthly Rollup or both of the Security Only and the IE cumulative updates,\u201d as per Microsoft.<\/p><\/p>\n\n\n\n

\u201cThe Monthly Rollup for Windows 7, Windows Server 2008 R2, and Windows Server 2008 includes the update for this vulnerability. Customers who apply the Monthly Rollup do not need to apply the IE Cumulative update. “Customers who only apply Security-only updates need to also apply the IE Cumulative update to be protected from this vulnerability.”<\/p><\/p>\n\n\n\n

Our experts independently confirmed that known CVE-2021-40444 exploits no longer work after applying today’s patches. Those who cannot immediately apply today’s security updates should implement Microsoft’s workarounds (disabling ActiveX controls via Group Policy and preview in Windows Explorer) to reduce the attack surface.     <\/p><\/p>\n","protected":false},"excerpt":{"rendered":"

Microsoft recently fixed a high asperity zero-day vulnerability actively exploited in targeted attacks against Microsoft Office 365 on Windows 10 computers. The remote code execution (RCE) security bug, tracked as CVE-2021-40444, was discovered in the MSHTML Internet Explorer browser interpreting engines utilized by Microsoft Office documents. According to Microsoft, CVE-2021-40444 affects Windows Server 2008 through […]<\/p>\n","protected":false},"author":2,"featured_media":3159,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[15],"tags":[],"yoast_head":"\nMicrosoft Fixes Windows CVE-2021-40444 MSHTML Zero-day Flaw - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Fixes Windows CVE-2021-40444 MSHTML Zero-day Flaw - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Microsoft recently fixed a high asperity zero-day vulnerability actively exploited in targeted attacks against Microsoft Office 365 on Windows 10 computers. The remote code execution (RCE) security bug, tracked as CVE-2021-40444, was discovered in the MSHTML Internet Explorer browser interpreting engines utilized by Microsoft Office documents. According to Microsoft, CVE-2021-40444 affects Windows Server 2008 through […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-15T10:07:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-15T10:07:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/Microsoft-Fixes-Windows-CVE-2021-40444-MSHTML-Zero-day-Flaw-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Microsoft Fixes Windows CVE-2021-40444 MSHTML Zero-day Flaw\",\"datePublished\":\"2021-09-15T10:07:39+00:00\",\"dateModified\":\"2021-09-15T10:07:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/\"},\"wordCount\":564,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Infosec News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/\",\"url\":\"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/\",\"name\":\"Microsoft Fixes Windows CVE-2021-40444 MSHTML Zero-day Flaw - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-09-15T10:07:39+00:00\",\"dateModified\":\"2021-09-15T10:07:41+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Fixes Windows CVE-2021-40444 MSHTML Zero-day Flaw\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft Fixes Windows CVE-2021-40444 MSHTML Zero-day Flaw - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft Fixes Windows CVE-2021-40444 MSHTML Zero-day Flaw - Xiarch Solutions Private Limited","og_description":"Microsoft recently fixed a high asperity zero-day vulnerability actively exploited in targeted attacks against Microsoft Office 365 on Windows 10 computers. The remote code execution (RCE) security bug, tracked as CVE-2021-40444, was discovered in the MSHTML Internet Explorer browser interpreting engines utilized by Microsoft Office documents. According to Microsoft, CVE-2021-40444 affects Windows Server 2008 through […]","og_url":"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-09-15T10:07:39+00:00","article_modified_time":"2021-09-15T10:07:41+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/Microsoft-Fixes-Windows-CVE-2021-40444-MSHTML-Zero-day-Flaw-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Microsoft Fixes Windows CVE-2021-40444 MSHTML Zero-day Flaw","datePublished":"2021-09-15T10:07:39+00:00","dateModified":"2021-09-15T10:07:41+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/"},"wordCount":564,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Infosec News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/","url":"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/","name":"Microsoft Fixes Windows CVE-2021-40444 MSHTML Zero-day Flaw - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-09-15T10:07:39+00:00","dateModified":"2021-09-15T10:07:41+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-flaw\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft Fixes Windows CVE-2021-40444 MSHTML Zero-day Flaw"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3157"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=3157"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3157\/revisions"}],"predecessor-version":[{"id":3161,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3157\/revisions\/3161"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/3159"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=3157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=3157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=3157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}