Microsoft has released mitigations and workarounds to address a remote code execution vulnerability (CVE-2021-40444) in Microsoft Windows. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. This vulnerability has been detected in exploits in the wild.

CISA encourages users and administrators to review [Microsoft’s advisory](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444 >) and to implement the mitigations and workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we’d welcome your feedback.

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

checkpoint_advisories 1

malwarebytes 5

trendmicroblog 2

thn 11

trellix 10

cisa_kev 1

githubexploit 29

metasploit 1

talosblog 1

rapid7blog 2

zdt 1

mmpc 2

prion 1

threatpost 6

securelist 6

mscve 1

nessus 8

krebs 2

cvelist 1

packetstorm 2

ics 2

avleonov 2

kitploit 1

attackerkb 2

kaspersky 2

cnvd 1

mssecure 2

cve 1

hivepro 2

pentestpartners 1

mskb 13

googleprojectzero 2

openvas 7

qualysblog 3

checkpoint_advisories

Microsoft Internet Explorer MSHTML Remote Code Execution (CVE-2021-40444)

2021-09-09 00:00:00

malwarebytes

MSHTML attack targets Russian state rocket centre and interior ministry

2021-09-22 19:16:56

[updated] Windows MSHTML zero-day actively exploited, mitigations required

2021-09-08 11:04:07

Meet Exotic Lily, access broker for ransomware and other malware peddlers

2022-03-18 22:58:48

trendmicroblog

FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal

2021-09-29 00:00:00

Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs

2021-09-09 00:00:00

thn

Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks

2021-09-16 07:19:00

Watch Out! Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild

2022-05-30 09:40:00

Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware

2021-11-25 11:33:00

trellix

Prime Minister’s Office Compromised: Details of Recent Espionage Campaign

2022-01-25 00:00:00

Prime Minister’s Office Compromised: Details of Recent Espionage Campaign

2022-01-25 00:00:00

Trellix Global Defenders: Defending against Cyber Espionage Campaigns – Operation Graphite

2022-06-20 00:00:00

cisa_kev

Microsoft MSHTML Remote Code Execution Vulnerability

2021-11-03 00:00:00

githubexploit

Exploit for Path Traversal in Microsoft

2021-11-25 05:13:05

Exploit for Path Traversal in Microsoft

2021-10-03 01:13:42

Exploit for Path Traversal in Microsoft

2021-09-09 15:43:08

metasploit

Microsoft Office Word Malicious MSHTML RCE

2021-11-09 11:18:58

talosblog

Threat Source newsletter (March 9, 2023) — Stop freaking out about ChatGPT

2023-03-09 19:00:12

rapid7blog

Metasploit Wrap-Up

2021-12-10 21:36:13

Patch Tuesday - September 2021

2021-09-15 03:44:31

zdt

Microsoft Office Word MSHTML Remote Code Execution Exploit

2021-12-09 00:00:00

mmpc

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

2021-09-15 23:40:56

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

2022-05-09 13:00:00

prion

Remote code execution

2021-09-15 12:15:00

threatpost

Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang

2021-09-17 12:07:59

Microsoft, CISA Urge Mitigations for Zero-Day RCE Flaw in Windows

2021-09-08 12:24:51

MSHTML Flaw Exploited to Attack Russian Dissidents

2022-03-30 13:13:49

securelist

Exploitation of the CVE-2021-40444 vulnerability in MSHTML

2021-09-16 15:30:57

IT threat evolution Q3 2021

2021-11-26 12:00:36

CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction

2022-06-06 08:00:02

mscve

Microsoft MSHTML Remote Code Execution Vulnerability

2021-09-07 07:00:00

nessus

Security Updates for Internet Explorer (September 2021)

2021-09-14 00:00:00

Security Updates for Microsoft Internet Explorer OOB (Sept 2021) (deprecated)

2021-09-10 00:00:00

KB5005627: Windows 8.1 and Windows Server 2012 R2 September 2021 Security Update

2021-09-14 00:00:00

krebs

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

2021-09-08 15:03:45

Microsoft Patch Tuesday, September 2021 Edition

2021-09-14 21:00:42

cvelist

CVE-2021-40444 Microsoft MSHTML Remote Code Execution Vulnerability

2021-09-15 11:24:26

packetstorm

Microsoft Office Word MSHTML Remote Code Execution

2021-12-09 00:00:00

Microsoft Office MSDT Follina Proof Of Concept

2022-05-31 00:00:00

ics

2021 Top Malware Strains

2022-08-25 12:00:00

2021 Top Routinely Exploited Vulnerabilities

2022-04-28 12:00:00

avleonov

PHDays 11: towards the Independence Era

2022-06-11 00:46:58

Security News: Microsoft Patch Tuesday September 2021, OMIGOD, MSHTML RCE, Confluence RCE, Ghostscript RCE, FORCEDENTRY Pegasus

2021-09-18 23:22:00

kitploit

CVE-2021-40444 PoC - Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution)

2021-09-16 13:13:00

attackerkb

CVE-2021-40444

2021-09-15 00:00:00

CVE-2022-30190

2022-06-01 00:00:00

kaspersky

KLA12278 RCE vulnerability in Microsoft Products (ESU)

2021-09-07 00:00:00

KLA12277 RCE vulnerability in Microsoft Windows

2021-09-07 00:00:00

cnvd

Microsoft MSHTML Remote Code Execution Vulnerability

2021-09-08 00:00:00

mssecure

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

2021-09-15 23:40:56

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

2022-05-09 13:00:00

cve

CVE-2021-40444

2021-09-15 12:15:00

hivepro

New Threat Actor Exotic Lily acting as Initial Access Broker for Conti and Diavol ransomware group

2022-03-21 05:34:00

Weekly Threat Digest: 14 – 20 March 2022

2022-03-23 04:17:40

pentestpartners

Follina 0day exploit. Malicious code execution in Office docs

2022-06-01 05:38:30

mskb

KB5019958: Cumulative security update for Internet Explorer: November 8, 2022

2022-11-08 08:00:00

KB5005563: Cumulative security update for Internet Explorer: September 14, 2021

2021-09-07 07:00:00

September 14, 2021—KB5005606 (Monthly Rollup)

2021-09-14 07:00:00

googleprojectzero

2022 0-day In-the-Wild Exploitation…so far

2022-06-30 00:00:00

The More You Know, The More You Know You Don’t Know

2022-04-19 00:00:00

openvas

Microsoft Windows Multiple Vulnerabilities (KB5005633)

2021-09-15 00:00:00

Microsoft Windows Multiple Vulnerabilities (KB5005613)

2021-09-15 00:00:00

Microsoft Windows Multiple Vulnerabilities (KB5005569)

2021-09-15 00:00:00

qualysblog

Microsoft and Adobe Patch Tuesday (September 2021) – Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities

2021-09-14 18:56:17

Qualys Response to CISA Alert: Binding Operational Directive 22-01

2021-11-09 06:15:01

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Related for CISA:C70D91615E3DC8B589B493118D474566