<p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.</p> <p>An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”.</p> <p>Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.</p> <p>Please see the <strong>Mitigations</strong> and <strong>Workaround</strong> sections for important information about steps you can take to protect your system from this vulnerability.</p> <p><strong>UPDATE</strong> September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.</p>
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft windows server 2008 r2 |
||
microsoft windows 10 1607 |
||
microsoft windows server 2016 - |
||
microsoft windows server 2008 - |
||
microsoft windows rt 8.1 - |
||
microsoft windows server 2012 - |
||
microsoft windows 10 - |
||
microsoft windows server 2019 - |
||
microsoft windows 10 1809 |
||
microsoft windows 10 1909 |
||
microsoft windows 10 2004 |
||
microsoft windows server 2016 2004 |
||
microsoft windows 10 20h2 |
||
microsoft windows server 2016 20h2 |
||
microsoft windows 10 21h1 |
||
microsoft windows server 2022 - |
||
microsoft windows 7 - |
||
microsoft windows 8.1 - |
IT threat evolution in Q3 2022 IT threat evolution in Q3 2022. Non-mobile statistics IT threat evolution in Q3 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q3 2022: Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe. Web Anti-Virus recognized 251,288,987...
At the end of May, researchers from the nao_sec team reported a new zero-day vulnerability in Microsoft Support Diagnostic Tool (MSDT) that can be exploited using Microsoft Office documents. It allowed attackers to remotely execute code on Windows systems, while the victim could not even open the document containing the exploit, or open it in Protected Mode. The vulnerability, which the researchers dubbed Follina, later received the identifier CVE-2022-30190. CVE-2022-30190 technical details Bri...
IT threat evolution in Q1 2022 IT threat evolution in Q1 2022. Non-mobile statistics IT threat evolution in Q1 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q1 2022: Kaspersky solutions blocked 1,216,350,437 attacks from online resources across the globe. Web Anti-Virus recognized 313,164,030 unique URLs as ma...
Get our weekly newsletter Patch Tuesday fiesta also sees Adobe and SAP tidying up
Patch Tuesday For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities, alongside 20 Chromium bugs in Microsoft Edge. Affected products include: Azure, Edge (Android, Chromium, and iOS), Office, SharePoint Server, Windows, Windows DNS, and the Windows Subsystem for Linux. Of these CVEs, three are rated critical, one is rated moderate, and the remainder are considered important. One of the publicly disclosed CVEs, dating back to September 7, resolves a critical zero-day...
Get our weekly newsletter Azure agent in Linux guests fixed, MSHTML exploit tackled, and much more – Plus: Adobe and SAP issue updates
Patch Tuesday For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities alongside 20 Chromium security bugs in Microsoft Edge. Affected products include: Azure, Edge (Android, Chromium, and iOS), Office, SharePoint Server, Windows, Windows DNS, and the Windows Subsystem for Linux. Of these CVEs, three are rated critical, one is rated moderate, and the remainder are considered important. One of the already publicly disclosed CVEs resolves a critical zero-day vulnerabilit...
Get our weekly newsletter ActiveX and MSHTML, the gift that keeps on giving ... to intruders
In an advisory issued on Tuesday, Microsoft said some of its users were targeted by poisoned Office documents that exploit an unpatched flaw to hijack their Windows machines. The vulnerability, CVE-2021-40444, is described as a hole in MSHTML, Internet Explorer's browser engine. Miscreants are seemingly placing a malicious ActiveX control in an Office document and convincing victims to open or view it, potentially achieving remote code execution. "Microsoft is investigating reports of a remote c...
Get our weekly newsletter Google's TAG details operations of prolific group, including 9-to-5 workdays
A group with links to high-profile ransomware crews Conti and Diavol is working as an internet access broker (IAB) for a Russia-linked cybercriminal gang, according to Google's Threat Analysis Group (TAG). Exotic Lily gains access to vulnerable corporate networks then sells that access to the highest bidder among threat groups, which then run ransomware and other attacks against the victim. The group launches large-scale phishing campaigns, at one point sending as many as 5,000 emails a day to u...