We’ve been made aware of a critical vulnerability which would allow an attacker to gain control of a PC via a user visiting a compromised site in Internet Explorer.
The Cause
The compromised site would install an Active X control which in conjunction with a malicious office document could gain control of an affected system.
Patching
No, currently there is no official update to resolve this vulnerability
How can I mitigate this?
The following mitigation techniques can be used
1) Check with your antivirus vendor that they provide detections against this attack. Microsoft Defender and Defender for Endpoint for example provides coverage passed build 1.349.22.0
2) Open documents from the internet in protected view of Application Guard for office
You can also deploy registry key changes to prevent installation of Active X controls across all zones in Internet Explorer
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
“1001”=dword:00000003
“1004”=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
“1001”=dword:00000003
“1004”=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
“1001”=dword:00000003
“1004”=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
“1001”=dword:00000003
“1004”=dword:00000003
Source: CVE-2021-40444 – Security Update Guide – Microsoft – Microsoft MSHTML Remote Code Execution Vulnerability
Privacy Policy | Terms | Modern Slavery Statement | Ethical Statement | Diversity and Inclusion | Sustainability | Cookies | Ultima Certifications | Commitment to Quality | Carbon Reduction Plan | Corporate Compliance Policy | Commitment to Security | Gender Pay Gap Report | Health and Safety Policy | ESG Policy | Ultima Labs EULA | Business Continuity Strategy | Environmental Management Policy
© 2022 Ultima Business Solutions Limited. All rights reserved. | Registered Address: Gainsborough House, Manor Farm Road, Reading, England, RG2 0NA | Company Registration 02521249 Registered in England & Wales