Critical Vulnerability: Windows (CVE-2021-40444)
Tony Baylis
3rd Line Consultant - Security
10/09/2021

We’ve been made aware of a critical vulnerability which would allow an attacker to gain control of a PC via a user visiting a compromised site in Internet Explorer.

The Cause

The compromised site would install an ActiveX control which, in conjunction with a malicious Office document, could gain control of an affected system.

Patching

Currently there is no official update to resolve this vulnerability.

How can I mitigate this?

The following mitigation techniques can be used:

1)    Check with your antivirus vendor that they provide detections against this attack. Microsoft Defender and Defender for Endpoint, for example, provide coverage past build 1.349.22.0
2)    Open documents from the internet in Protected View or Application Guard for Office

You can also deploy registry key changes to prevent installation of ActiveX controls across all zones in Internet Explorer:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000003
"1004"=dword:00000003

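To confirm the keys above actually landed on a machine, the following PowerShell check reads both values in each of the four zones and flags any that are missing or not set to 3. It is an added example, not part of the original advisory or Microsoft's guidance; the function name Test-ActiveXInstallBlocked and the report layout are assumptions of this example.

```powershell
# Added example: audit the ActiveX-install mitigation for CVE-2021-40444.
# Zone keys and value names come from the registry entries in this advisory;
# the function name and output shape are this example's own choices.

$ZoneRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones    = 0..3             # the four zones listed in the advisory
$Values   = '1001', '1004'   # 1001 = download signed ActiveX, 1004 = download unsigned ActiveX
$Expected = 3                # 3 = disabled

function Test-ActiveXInstallBlocked {
    foreach ($zone in $Zones) {
        $path = Join-Path $ZoneRoot $zone
        foreach ($name in $Values) {
            $actual = $null
            # A missing key or missing value both count as "mitigation not applied".
            if (Test-Path -LiteralPath $path) {
                $props = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
                if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
                    $actual = $props.$name
                }
            }
            [pscustomobject]@{
                Zone      = $zone
                Value     = $name
                Actual    = if ($null -eq $actual) { '<not set>' } else { $actual }
                Compliant = ($actual -eq $Expected)
            }
        }
    }
}

$report = @(Test-ActiveXInstallBlocked)
$report | Format-Table -AutoSize

$missing = @($report | Where-Object { -not $_.Compliant })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) of $($report.Count) settings do not match the mitigation."
    exit 1   # non-zero exit so deployment or compliance tooling can pick up the failure
}
Write-Output 'All four zones have ActiveX control installation disabled by policy.'
```

Run it from an elevated or standard prompt after the policy has been deployed; it only reads the HKLM policy hive and changes nothing.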

Source: CVE-2021-40444 - Security Update Guide - Microsoft - Microsoft MSHTML Remote Code Execution Vulnerability
 

