Microsoft warns of a Windows zero-day security hole that is being actively exploited

5 years ago Graham Cluley

In a security advisory, Microsoft has warned that malicious hackers are exploiting an unpatched vulnerability in Windows to launch targeted attacks against organisations.

The security hole, dubbed CVE-2021-40444, is a previously unknown remote code execution vulnerability in MSHTML, a core component of Windows which helps render web-based content.

According to Microsoft, attacks exploiting the vulnerability have targeted companies via boobytrapped Microsoft Office documents.

In short, a typical timeline of infection might go something like this:

  • One of your users downloads or receives a boobytrapped Microsoft Office file. Perhaps they are socially-engineered into clicking on a malicious link, or find the poisoned file in their inbox.
  • The user opens the Microsoft Office file to view its contents, but it contains an embedded malicious ActiveX control.
  • The ActiveX control exploits the bug in Windows MSHTML to gain the same level of control as the user, whereupon it installs malware of the hacker’s choice.

Microsoft’s security team explains that users who are not running with administration rights can reduce the impact of an attack:

An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Researcher Haifei Li of EXPMON, who reported the discovery of the “dangerous” vulnerability to Microsoft on Sunday and told the company that it was being exploited in in-the-wild attacks, advised, in the absence of an official patch, that “Office users be extremely cautious about Office files – DO NOT OPEN if not fully trust the source!”

To reduce the risk, Microsoft advises that system administrators enforce registry settings across their network that prevent new ActiveX controls from running. Previously installed ActiveX controls will continue to run, but do not expose this vulnerability.
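
One way to audit that mitigation on a single machine, as an added example that is not part of the original article or of Microsoft's advisory text. It assumes the mitigation is expressed as Internet Explorer URL actions 1001 (download signed ActiveX controls) and 1004 (download unsigned ActiveX controls) set to 3 (disable) for zones 0 to 3 under the machine policy key; the article does not list the settings, so confirm them against the advisory before relying on the result.

```powershell
# Added example: report whether installation of new ActiveX controls is
# disabled by machine policy in every Internet Explorer security zone.
# Assumption (not stated in the article): URL actions 1001 and 1004 must be
# set to 3 (disable) under the policy Zones key for zones 0-3.

$ZonesRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones     = @{ '0' = 'Local Machine'; '1' = 'Intranet'; '2' = 'Trusted Sites'; '3' = 'Internet' }
$Actions   = @{ '1001' = 'Download signed ActiveX'; '1004' = 'Download unsigned ActiveX' }
$Disabled  = 3

function Get-ActiveXInstallPolicy {
    foreach ($zone in $Zones.Keys | Sort-Object) {
        $key = Join-Path $ZonesRoot $zone
        foreach ($action in $Actions.Keys | Sort-Object) {
            # A missing key or value means the policy is not enforced here.
            $value = $null
            if (Test-Path -LiteralPath $key) {
                $item  = Get-ItemProperty -LiteralPath $key -Name $action -ErrorAction SilentlyContinue
                $value = $item.$action
            }
            [pscustomobject]@{
                Zone      = "$zone ($($Zones[$zone]))"
                Action    = "$action ($($Actions[$action]))"
                Value     = if ($null -eq $value) { '<not set>' } else { $value }
                Compliant = ($value -eq $Disabled)
            }
        }
    }
}

$results = @(Get-ActiveXInstallPolicy)
$results | Format-Table -AutoSize

# Summarise the gaps so the output can be collected across a fleet.
$gaps = @($results | Where-Object { -not $_.Compliant })
if ($gaps.Count -gt 0) {
    Write-Warning "$($gaps.Count) zone/action pair(s) still allow new ActiveX controls to be installed."
} else {
    Write-Output 'All zones block installation of new ActiveX controls.'
}
```

The script only reads the registry, so it can be run from a standard user account; a per-user setting under HKCU is not inspected.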

Microsoft is scheduled to release its regular monthly bundle of security patches on Tuesday next week, and many organisations will be hoping that a proper, permanent fix for the CVE-2021-40444 zero-day vulnerability is included.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post “Microsoft warns of a Windows zero-day security hole that is being actively exploited” appeared first on TripWire

Source: TripWire – Graham Cluley
