A new Windows vulnerability actively exploited using phishing attacks
Author: Harsh Panchal
Early this month Microsoft published a note on a critical vulnerability that allows attackers to gain full access to the user's device. Simply by opening a Microsoft Office document, without macros being enabled, the attacker can gain full access to the user's system. This vulnerability is an MSHTML remote code execution flaw and is tracked as CVE-2021-40444.
Attackers and security researchers are taking advantage of this vulnerability to gain access to end-user devices without being detected by antivirus and anti-malware solutions. Microsoft has warned the community and all users, as it has still not published an official security patch for this vulnerability. All Windows 10 versions and some Windows Server versions are being targeted using this vulnerability.
This exploit abuses the ActiveX engine used in the Microsoft Windows operating system. Furthermore, it does not only work in Internet Explorer but also in Microsoft Office products, because Office uses the same MSHTML component to render content. Here is the attack chain that has been provided by Microsoft.
Microsoft has not officially released a security patch for this vulnerability, as it is still under investigation. However, Microsoft has published a workaround mitigation guide that can help you protect your business against such attacks. Please note that applying this workaround will affect printing services on Windows devices: you will no longer be able to print certain documents, because they rely on ActiveX controls. Alternatively, if you have enabled the attack surface reduction rules in your Microsoft environment, this exploit will not be able to impact your systems.
If you are using SentinelOne as your antivirus defence, you can also detect and capture this vulnerability using its rules and policies, and mitigate and remediate the attack with a single click. For more details please contact our support team at firstname.lastname@example.org.
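The following PowerShell script is an added example, not part of the original post or of Microsoft's own guide: it applies the two mitigations referred to above, the Internet Explorer ActiveX registry workaround and the attack surface reduction rule that blocks Office from spawning child processes, and then verifies both. The registry paths, value names and the ASR rule GUID are assumptions taken from Microsoft's published guidance rather than from this page, so confirm them against the current Microsoft advisory before deployment.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Assumed from Microsoft's guidance: zone policy key, values 1001/1004, ASR GUID.
$ZonesKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
# 1001 = download signed ActiveX controls, 1004 = download unsigned ActiveX controls.
# Value 3 = Disable. Zones 0..3 = Local Machine, Intranet, Trusted sites, Internet.
$ActiveXValues = '1001', '1004'
$Zones = 0..3
# ASR rule "Block all Office applications from creating child processes".
$OfficeChildProcRule = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'

function Disable-ActiveXDownload {
    foreach ($zone in $Zones) {
        $path = Join-Path $ZonesKey $zone
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        foreach ($name in $ActiveXValues) {
            New-ItemProperty -Path $path -Name $name -Value 3 -PropertyType DWord -Force | Out-Null
        }
    }
}

function Test-ActiveXDownloadDisabled {
    # $true only when every zone has both values set to 3 (Disable).
    foreach ($zone in $Zones) {
        $path = Join-Path $ZonesKey $zone
        foreach ($name in $ActiveXValues) {
            $v = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
            if ($v -ne 3) { return $false }
        }
    }
    return $true
}

function Enable-OfficeChildProcessBlock {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $OfficeChildProcRule `
                     -AttackSurfaceReductionRules_Actions Enabled
}

function Test-OfficeChildProcessBlock {
    # Action value 1 = Block; rule ids and actions are parallel arrays.
    $p = Get-MpPreference
    for ($i = 0; $i -lt $p.AttackSurfaceReductionRules_Ids.Count; $i++) {
        if ($p.AttackSurfaceReductionRules_Ids[$i] -eq $OfficeChildProcRule) {
            return ($p.AttackSurfaceReductionRules_Actions[$i] -eq 1)
        }
    }
    return $false
}

Disable-ActiveXDownload
Enable-OfficeChildProcessBlock
"ActiveX downloads disabled in all zones: $(Test-ActiveXDownloadDisabled)"
"Office child-process ASR rule enforced:  $(Test-OfficeChildProcessBlock)"
```

Because the post notes the ActiveX workaround can break printing of documents that rely on ActiveX controls, run the two Test- functions on a pilot group first and keep the rule in Defender's audit mode until the impact is understood.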