ID

VAR-202109-1909


CVE

CVE-2021-40444


TITLE

plural  Microsoft Windows  Remote Code Execution Vulnerability in Product

Trust: 0.8

sources: JVNDB: JVNDB-2021-002681

DESCRIPTION

<p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.</p> <p>An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”.</p> <p>Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.</p> <p>Please see the <strong>Mitigations</strong> and <strong>Workaround</strong> sections for important information about steps you can take to protect your system from this vulnerability.</p> <p><strong>UPDATE</strong> September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.</p> . Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Disabling the installation of all ActiveX controls in Internet Explorer mitigates this attack

Trust: 2.25

sources: NVD: CVE-2021-40444 // JVNDB: JVNDB-2021-002681 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-40444

AFFECTED PRODUCTS

vendor:microsoftmodel:windows 7scope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:windows server 2008scope:eqversion:r2

Trust: 1.0

vendor:microsoftmodel:windows 10 1909scope:ltversion:10.0.18363.1801

Trust: 1.0

vendor:microsoftmodel:windows 10 1607scope:ltversion:10.0.14393.4651

Trust: 1.0

vendor:microsoftmodel:windows 10 2004scope:ltversion:10.0.19041.1237

Trust: 1.0

vendor:microsoftmodel:windows 10 1507scope:ltversion:10.0.10240.19060

Trust: 1.0

vendor:microsoftmodel:windows rt 8.1scope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:windows server 2008scope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:windows server 2012scope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:windows server 2019scope:ltversion:10.0.17763.2183

Trust: 1.0

vendor:microsoftmodel:windows server 2022scope:ltversion:10.0.20348.230

Trust: 1.0

vendor:microsoftmodel:windows server 20h2scope:ltversion:10.0.19042.1237

Trust: 1.0

vendor:microsoftmodel:windows 10 21h1scope:ltversion:10.0.19043.1237

Trust: 1.0

vendor:microsoftmodel:windows server 2004scope:ltversion:10.0.19041.1237

Trust: 1.0

vendor:microsoftmodel:windows server 2016scope:ltversion:10.0.14393.4651

Trust: 1.0

vendor:microsoftmodel:windows 10 20h2scope:ltversion:10.0.19042.1237

Trust: 1.0

vendor:microsoftmodel:windows 10 1809scope:ltversion:10.0.17763.2183

Trust: 1.0

vendor:microsoftmodel:windows 8.1scope:eqversion: -

Trust: 1.0

vendor:マイクロソフトmodel:microsoft windows server 2012scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows server 2008scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2012 r2 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2022 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows rt 8.1scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2012 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2008 for 32-bit systems sp2 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows 8.1scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2022

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2019

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:20h2 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2008 for x64-based systems sp2

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2016

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows 7scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows server 2022scope:eqversion: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2008 for x64-based systems sp2 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2008 r2 for x64-based systems sp1 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2012

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2008 for 32-bit systems sp2

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows server 2019scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2012 r2

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2004 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows server 2016scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2016 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows 10scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows server 2022scope:eqversion:(server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2019 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2008 r2 for x64-based systems sp1

Trust: 0.8

sources: JVNDB: JVNDB-2021-002681 // NVD: CVE-2021-40444

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-40444
value: HIGH

Trust: 1.8

secure@microsoft.com: CVE-2021-40444
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-350
value: HIGH

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2021-40444
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

secure@microsoft.com:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 5.3
version: 3.1

Trust: 1.0

NVD: CVE-2021-40444
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-002681 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-350 // NVD: CVE-2021-40444 // NVD: CVE-2021-40444

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-002681 // NVD: CVE-2021-40444

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202109-350

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: NVD: CVE-2021-40444

PATCH

title:Microsoft MSHTML Remote Code Execution Vulnerability Security Update Guideurl:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-40444

Trust: 0.8

title:MSHTML Fixes for code injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=161636

Trust: 0.6

title:CVE-2021-40444url:https://github.com/darksprings/cve-2021-40444

Trust: 0.1

title:cve-2021-40444url:https://github.com/jamesrep/cve-2021-40444

Trust: 0.1

title:MSHTMHellurl:https://github.com/amartinsec/mshtmhell

Trust: 0.1

title:MSHTHellurl:https://github.com/amartinsec/mshthell

Trust: 0.1

title:CVE-2021-40444_buildersurl:https://github.com/aslitsecurity/cve-2021-40444_builders

Trust: 0.1

title:CVE-2021-40444url:https://github.com/lockedbyte/cve-2021-40444

Trust: 0.1

title:Exploit-PoC-CVE-2021-40444-inject-ma-doc-vao-docxurl:https://github.com/nightrelax/exploit-poc-cve-2021-40444-inject-ma-doc-vao-docx

Trust: 0.1

title:cve-2021-40444-analysisurl:https://github.com/immersive-labs-sec/cve-2021-40444-analysis

Trust: 0.1

title:CVE-2021-40444url:https://github.com/ozergoker/cve-2021-40444

Trust: 0.1

title:CVE-2021-40444-docx-Generateurl:https://github.com/lagal1990/cve-2021-40444-docx-generate

Trust: 0.1

title:CVE-2021-40444url:https://github.com/kozmer/cve-2021-40444

Trust: 0.1

title:CVE-2021-40444url:https://github.com/fanqxu/cve-2021-40444

Trust: 0.1

title:CVE-2021-40444url:https://github.com/vysecurity/cve-2021-40444

Trust: 0.1

title:CVE-2021-40444url:https://github.com/v0lk3n/cve-2021-40444

Trust: 0.1

title:CVE-2021-40444-docx-Generateurl:https://github.com/fengjixuchui/cve-2021-40444-docx-generate

Trust: 0.1

title:CVE-2021-40444-Sampleurl:https://github.com/udyz/cve-2021-40444-sample

Trust: 0.1

title:VilNEurl:https://github.com/vilne-scanner/vilne

Trust: 0.1

title:YangsirStudyPlanurl:https://github.com/yangsirrr/yangsirstudyplan

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-exploits-shared-on-hacking-forums/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/

Trust: 0.1

title:Threatposturl:https://threatpost.com/microsoft-zero-day-rce-flaw-in-windows/169273/

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2021/09/07/microsoft_office_zero_day/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/microsoft-shares-temp-fix-for-ongoing-office-365-zero-day-attacks/

Trust: 0.1

sources: VULMON: CVE-2021-40444 // JVNDB: JVNDB-2021-002681 // CNNVD: CNNVD-202109-350

EXTERNAL IDS

db:NVDid:CVE-2021-40444

Trust: 2.5

db:PACKETSTORMid:165214

Trust: 1.6

db:PACKETSTORMid:164210

Trust: 1.6

db:PACKETSTORMid:167317

Trust: 1.6

db:JVNDBid:JVNDB-2021-002681

Trust: 0.8

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021090712

Trust: 0.6

db:CXSECURITYid:WLB-2022060003

Trust: 0.6

db:CXSECURITYid:WLB-2021120045

Trust: 0.6

db:CNNVDid:CNNVD-202109-350

Trust: 0.6

db:VULMONid:CVE-2021-40444

Trust: 0.1

sources: VULMON: CVE-2021-40444 // JVNDB: JVNDB-2021-002681 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-350 // NVD: CVE-2021-40444

REFERENCES

url:http://packetstormsecurity.com/files/164210/microsoft-windows-mshtml-overview.html

Trust: 2.2

url:http://packetstormsecurity.com/files/165214/microsoft-office-word-mshtml-remote-code-execution.html

Trust: 2.2

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-40444

Trust: 1.6

url:http://packetstormsecurity.com/files/167317/microsoft-office-msdt-follina-proof-of-concept.html

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-40444

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20210915-ms.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2021/at210041.html

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://vigilance.fr/vulnerability/windows-code-execution-via-mshtml-activex-36328

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2022060003

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2021120045

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021090712

Trust: 0.6

url:https://github.com/darksprings/cve-2021-40444

Trust: 0.1

url:https://threatpost.com/microsoft-zero-day-rce-flaw-in-windows/169273/

Trust: 0.1

url:https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-40444

Trust: 0.1

sources: VULMON: CVE-2021-40444 // JVNDB: JVNDB-2021-002681 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-350 // NVD: CVE-2021-40444

CREDITS

JMousqueton

Trust: 0.6

sources: CNNVD: CNNVD-202109-350

SOURCES

db:VULMONid:CVE-2021-40444
db:JVNDBid:JVNDB-2021-002681
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202109-350
db:NVDid:CVE-2021-40444

LAST UPDATE DATE

2024-07-30T23:10:06.488000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2021-002681date:2021-09-29T06:42:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202109-350date:2022-07-14T00:00:00
db:NVDid:CVE-2021-40444date:2024-07-29T19:38:46.307

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2021-002681date:2021-09-29T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202109-350date:2021-09-07T00:00:00
db:NVDid:CVE-2021-40444date:2021-09-15T12:15:16.467