Exploit in Microsoft Office Documents

Vanderbilt Enterprise Cybersecurity’s (VEC) Security Operations and Services issued a communication on Tuesday, September 21, 2021, to inform the IT community of a critical zero-day vulnerability in the Microsoft Windows MSHTML (Microsoft Hypertext Markup Language) engine.

CVE-2021-40444: Microsoft MSHTML Remote Code Execution Vulnerability

An attacker could create a specially crafted Microsoft Office document containing a malicious ActiveX control. If a user opens the document, Office will download and execute the malicious script using the MSHTML engine. Microsoft and third-party sources have claimed active exploitation in the wild.

Affected Versions:

Multiple versions of Windows and Windows Server

Next Steps:

Microsoft has released a fix for this vulnerability in the September 2021 security update. Desktop and system administrators should test and execute their accelerated patching processes to install these updates no later than October 2, 2021. Please see the Security Updates table section for the update applicable to your system.

VEC Security Operations and Services continues to monitor developments for this vulnerability.

Sources and Resources: