09.08.21

Customer Advisory for Awareness | Microsoft Warns of New RCE Zero-Day Exploited in Targeted Office Attacks

By Deepwatch

Key Points:

  • Microsoft issued an alert on September 7 to notify organizations about a new zero-day being exploited in real-world attacks.
  • The vulnerability, tracked as CVE-2021-40444, impacts Microsoft MHTML, a web page archive format used to combine the HTML code and its companion resources in a single computer file.
  • Expmon and Mandiant informed Microsoft that they observed targeted attacks that attempted to exploit this vulnerability by using specially-crafted Microsoft Office documents.

Summary

Microsoft issued an alert on September 7 to notify organizations about a new zero-day being abused in real-world attacks. Tracked as CVE-2021-40444, the vulnerability impacts Microsoft MHTML, a web page archive format used to combine the HTML code and its companion resources in a single computer file.

While MHTML was principally used for the now-discontinued Internet Explorer browser, the archive format also works in Microsoft Office Word, Excel, and PowerPoint documents to render web-hosted content.

The alert reads: “Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

Security researchers from Mandiant and Expmon discovered the attacks and the underlying zero-day.

Deepwatch Threat Intelligence Outlook

Neither Expmon, Mandiant, nor Microsoft has released details about the attacks, their targets, or the threat actor(s) exploiting this zero-day. However, Microsoft is expected to release a patch on September 14, during the company’s regular patch release schedule.

Until a patch is released, Microsoft has provided details on how to disable ActiveX rendering to prevent CVE-2021-40444 exploitation. Instructions on how to do so are included with Microsoft’s security advisory.
