Exploitation of the CVE-2021-40444 vulnerability in MSHTML

Summary


Last week, Microsoft reported the remote code execution vulnerability CVE-2021-40444 in the MSHTML browser engine. According to the company, this vulnerability has already been used in targeted attacks against Microsoft Office users. In an attempt to exploit this vulnerability, attackers create a document with a specially crafted object. If a user opens the document, MS Office will download and execute a malicious script.
According to our data, the same attacks are still happening all over the world. We are currently seeing attempts to exploit the CVE-2021-40444 vulnerability against companies in the research and development sector, the energy sector and large industrial sectors, the banking and medical technology development sectors, as well as the telecommunications and IT sectors. Because the vulnerability is easy to exploit and a few Proof-of-Concept (PoC) exploits have been published, we expect to see an increase in attacks using this vulnerability.



Geography of CVE-2021-40444 exploitation attempts


Kaspersky is aware of targeted attacks using CVE-2021-40444, and our products protect against attacks leveraging the vulnerability. Possible detection names are:


HEUR:Exploit.MSOffice.CVE-2021-40444.a
HEUR:Trojan.MSOffice.Agent.gen
PDM:Exploit.Win32.Generic

Killchain generated by KEDR during execution of CVE-2021-40444 Proof-of-Concept


Experts at Kaspersky are monitoring the situation closely and improving mechanisms to detect this vulnerability using Behavior Detection and Exploit Prevention components. Within our < ..
