McAfee Enterprise Defender Blog | MSHTML CVE-2021-40444


Threat Summary


Microsoft is warning its users of a zero-day vulnerability in Windows 10 and versions of Windows Server that remote, unauthenticated attackers are leveraging to execute code on the target system using specially crafted Office documents. Tracked as CVE-2021-40444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer that is also used in Microsoft Office to render web content inside Word, Excel, and PowerPoint documents. This vulnerability is being actively exploited, and protections should be put in place to prevent exploitation. Microsoft has released guidance on a workaround, as well as updates to prevent exploitation; below are additional McAfee Enterprise countermeasures you can use to protect your business.


MVISION Insights Campaign – “CVE-2021-40444 – Microsoft MSHTML Remote Code Execution Vulnerability”


Since it was originally reported, exploitation of the vulnerability has grown worldwide.



Figure 1. Latest MITRE ATT&CK framework for Exploitation of CVE-2021-40444. Source: MVISION Insights


Additional MITRE ATT&CK techniques have been identified since our original report. MVISION Insights will be regularly updated with the latest IOCs and hunting rules for proactive detection in your environment.



Figure 2. Latest MITRE ATT&CK framework for Exploitation of CVE-2021-40444. Source: MVISION Insights


McAfee Enterprise Product Protections


The following McAfee Enterprise products can protect you against this threat.



Figure 3. Protection by ENS Module


For ENS, it’s important to have both Threa ..
