Zero-day Remote Code Execution Vulnerability in Microsoft MSHTML

Published on 08 Sep 2021

Updated on 08 Sep 2021

Microsoft has issued a security notice regarding a remote code execution vulnerability (CVE-2021-40444) in MSHTML, a proprietary browser engine for Microsoft Windows version of Internet Explorer that is being actively exploited in the wild.

Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code and take control of the affected system.

Microsoft is currently investigating this vulnerability. By default, Microsoft Office opens documents from the Internet in Protected View or Application Guard for Office, both of which prevent the current attack.

Microsoft has also informed that both their Microsoft Defender Antivirus and Microsoft Defender for Endpoint provide detection and protection for the vulnerability, and advised users to keep their anti-malware products up to date.

Administrators and users of the affected product are advised to implement the workaround of disabling the installation of all ActiveX controls in Internet Explorer to mitigate this risk. They should also refer to Microsoft's website for further updates.

More information is available here:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444