
Alert - Microsoft MSHTML RCE Vulnerability

Description

Microsoft has released a warning about a zero-day remote code execution vulnerability that affects the MSHTML (Trident) component. MSHTML is the proprietary browser engine of the discontinued Internet Explorer and is also used by Microsoft Office to render web content inside Office documents.

The identified zero-day vulnerability is the MSHTML Remote Code Execution Vulnerability (CVE-2021-40444).

Affected systems

Microsoft Windows OS

 

Security Risks

A remote attacker can exploit this vulnerability by crafting a malicious ActiveX control to be used by a Microsoft Office document that hosts the MSHTML engine. However, successful exploitation requires user interaction by the targeted victim. If successful, the remote attacker can then take control of the vulnerable system.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends that system administrators:

a. never open Office documents (Word, Excel, PowerPoint, etc.) if they do not trust the source;

b. never click on links or open attachments from unknown or unexpected mail senders;

c. apply the principle of least privilege access to systems and databases;

d. install and regularly update endpoint protection solutions on all devices;

e. review the Microsoft Security Update Guide for more details on protecting against this vulnerability.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us on 9009.


08 September 2021
