06/09/2022
We’ve been made aware of a critical vulnerability which would allow an attacker to gain control of a PC via a user visiting a compromised site in Internet Explorer.
The Cause
The compromised site would install an ActiveX control which, in conjunction with a malicious Office document, could gain control of an affected system.
Patching
Currently there is no official update to resolve this vulnerability.
How can I mitigate this?
The following mitigation techniques can be used:
1) Check with your antivirus vendor that they provide detections against this attack. Microsoft Defender and Defender for Endpoint, for example, provide coverage past build 1.349.22.0.
2) Open documents from the internet in Protected View or Application Guard for Office.
You can also deploy registry key changes to prevent installation of ActiveX controls across all zones in Internet Explorer:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000003
"1004"=dword:00000003
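To confirm the values above have actually landed on a machine, the following PowerShell check reads each zone key and reports whether 1001 and 1004 are set to 3. It is an added example, not part of the original advisory or of Microsoft's guidance; the function name Test-ActiveXInstallPolicy is hypothetical.

```powershell
# Added example: audit the ActiveX-install policy values listed above.
# Test-ActiveXInstallPolicy is a hypothetical name, not a built-in cmdlet.
# URL actions: 1001 = download signed ActiveX controls,
#              1004 = download unsigned ActiveX controls. Value 3 = disable.
# Zones: 0 = Local Machine, 1 = Local intranet, 2 = Trusted sites, 3 = Internet.
function Test-ActiveXInstallPolicy {
    [CmdletBinding()]
    param(
        [string]$BasePath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
        [int[]]$Zones = 0..3,
        [string[]]$Actions = @('1001', '1004'),
        [int]$Expected = 3
    )

    foreach ($zone in $Zones) {
        $key = Join-Path $BasePath $zone
        foreach ($action in $Actions) {
            # A missing key or missing value means the policy is not enforced.
            $actual = $null
            if (Test-Path -LiteralPath $key) {
                $item = Get-ItemProperty -LiteralPath $key -Name $action -ErrorAction SilentlyContinue
                if ($null -ne $item) { $actual = $item.$action }
            }

            [pscustomobject]@{
                Zone      = $zone
                Action    = $action
                Actual    = if ($null -eq $actual) { '<not set>' } else { $actual }
                Compliant = ($actual -eq $Expected)
            }
        }
    }
}

# Report every zone/action pair and flag the machine if any is not set to 3.
$results = Test-ActiveXInstallPolicy
$results | Format-Table -AutoSize
if ($results.Compliant -contains $false) {
    Write-Warning 'One or more zones still allow ActiveX control installation.'
}
```

Run it after Group Policy or the .reg import has applied; a row showing `<not set>` means the mitigation has not reached that zone.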
Source: CVE-2021-40444 – Security Update Guide – Microsoft – Microsoft MSHTML Remote Code Execution Vulnerability