Microsoft is warning of a zero-day vulnerability (CVE-2021-40444) in Internet Explorer that is actively exploited by threat actors to hijack vulnerable Windows systems. Microsoft did not share info about the attacks either the nature of the threat actors. The vulnerability was exploited by threat actors in malspam attacks spreading weapon zed Office docs.
The remote code execution vulnerability in MSHTML affects Microsoft Windows, the issue received a CVSS score of 8.8. MSHTML is the main HTML component of the Windows Internet Explorer browser, it is also used in other applications. The vulnerability was reported by Mandiant researchers Bryce Abdo, Dhanesh Kizhakkinan and Genwei Jiang, and Haifei Li from EXPMON. EXPMON researchers defined the attack exploiting the CVE-2021-40444 flaw as a highly sophisticated zero-day exploit attack against Microsoft Office users.
Mitigation published by Microsoft:
Disabling the installation of all
ActiveX controls in Internet Explorer mitigates this attack. This can be
accomplished for all sites by updating the registry. Previously-installed
ActiveX controls will continue to run, but do not expose this vulnerability.
Warning if you use Registry Editor
incorrectly, you may cause serious problems that may require you to reinstall
your operating system. Microsoft cannot guarantee that you can solve problems
that result from using Registry Editor incorrectly. Use Registry Editor at your
own risk.
To disable ActiveX controls on an
individual system:
1. To disable installing ActiveX
controls in Internet Explorer in all zones, paste the following into a text
file and save it with the .reg file extension.
2. Double-click the .reg file to apply
it to your Policy hive.
3. Reboot the system to ensure the new configuration is applied.