Lucene search

K
mscveMicrosoftMS:CVE-2021-40444
HistorySep 07, 2021 - 7:00 a.m.

Microsoft MSHTML Remote Code Execution Vulnerability

2021-09-0707:00:00
Microsoft
msrc.microsoft.com
248
microsoft
mshtml
remote code execution
vulnerability
windows
office documents
activex control
user rights
defender antivirus
defender for endpoint
detection
protection
security update
mitigations
workaround
security updates
faq

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L

EPSS

0.971

Percentile

99.8%

Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.

An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Please see the Mitigations andWorkaround sections for important information about steps you can take to protect your system from this vulnerability.

UPDATE September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.

Affected configurations

Vulners
Node
microsoftwindows_7Range<6.1.7601.25712x64
OR
microsoftwindows_7Range<6.1.7601.26221x64
OR
microsoftwindows_7Range<6.1.7601.25712
OR
microsoftwindows_7Range<6.1.7601.26221
OR
microsoftwindows_server_2012Range<6.3.9600.20120r2
OR
microsoftwindows_server_2012Range<6.3.9600.20120r2
OR
microsoftwindows_server_2012Range<6.2.9200.23462
OR
microsoftwindows_server_2012Range<v1.001
OR
microsoftwindows_server_2012Range<6.2.9200.23462
OR
microsoftwindows_server_2012Range<v1.001
OR
microsoftwindows_server_2008Range<6.1.7601.25712r2x64
OR
microsoftwindows_server_2008Range<6.1.7601.25712r2x64
OR
microsoftwindows_server_2008Range<6.0.6003.21218x64
OR
microsoftwindows_server_2008Range<6.0.6003.21218x64
OR
microsoftwindows_server_2008Range<6.0.6003.21218
OR
microsoftwindows_server_2008Range<6.0.6003.21218
OR
microsoftwindows_rt_8.1Range<6.3.9600.20120
OR
microsoftwindows_8.1Range<6.3.9600.20120x64
OR
microsoftwindows_8.1Range<6.3.9600.20120x64
OR
microsoftwindows_8.1Range<6.3.9600.20120
OR
microsoftwindows_8.1Range<6.3.9600.20120
OR
microsoftwindows_server_2016Range<10.0.14393.4651
OR
microsoftwindows_server_2016Range<10.0.14393.4651
OR
microsoftwindows_10_1607Range<10.0.14393.4651x64
OR
microsoftwindows_10_1607Range<10.0.14393.4651
OR
microsoftwindows_10Range<10.0.10240.19060x64
OR
microsoftwindows_10Range<10.0.10240.19060
OR
microsoftwindows_server_20h2Range<10.0.19042.1237
OR
microsoftwindows_10_20h2Range<10.0.19042.1237arm64
OR
microsoftwindows_10_20h2Range<10.0.19042.1237
OR
microsoftwindows_10_20h2Range<10.0.19042.1237x64
OR
microsoftwindows_server_2004Range<10.0.19041.1237
OR
microsoftwindows_10_2004Range<10.0.19041.1237
OR
microsoftwindows_10_2004Range<10.0.19041.1237
OR
microsoftwindows_10_2004Range<10.0.19041.1237
OR
microsoftwindows_server_2022Range<10.0.20348.230
OR
microsoftwindows_server_2022Range<10.0.20348.230
OR
microsoftwindows_10_21h1Range<10.0.19043.1237
OR
microsoftwindows_10_21h1Range<10.0.19043.1237arm64
OR
microsoftwindows_10_21h1Range<10.0.19043.1237x64
OR
microsoftwindows_10_1909Range<10.0.18363.1801
OR
microsoftwindows_10_1909Range<10.0.18363.1801
OR
microsoftwindows_10_1909Range<10.0.18363.1801
OR
microsoftwindows_server_2019Range<10.0.17763.2183
OR
microsoftwindows_server_2019Range<10.0.17763.2183
OR
microsoftwindows_10_1809Range<10.0.17763.2183arm64
OR
microsoftwindows_10_1809Range<10.0.17763.2183x64
OR
microsoftwindows_10_1809Range<10.0.17763.2183
VendorProductVersionCPE
microsoftwindows_7*cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:x64:*
microsoftwindows_7*cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
microsoftwindows_server_2012*cpe:2.3:o:microsoft:windows_server_2012:*:r2:*:*:*:*:*:*
microsoftwindows_server_2012*cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:r2:*:*:*:*:x64:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
microsoftwindows_rt_8.1*cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
microsoftwindows_8.1*cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*
microsoftwindows_8.1*cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
Rows per page:
1-10 of 301

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L

EPSS

0.971

Percentile

99.8%