Sign-up

ID

VAR-202109-1909


CVE

CVE-2021-40444


TITLE

plural  Microsoft Windows  Remote Code Execution Vulnerability in Product

Trust: 0.8

sources: JVNDB: JVNDB-2021-002681

DESCRIPTION

<p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.</p> <p>An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”.</p> <p>Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.</p> <p>Please see the <strong>Mitigations</strong> and <strong>Workaround</strong> sections for important information about steps you can take to protect your system from this vulnerability.</p> <p><strong>UPDATE</strong> September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.</p> . Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Disabling the installation of all ActiveX controls in Internet Explorer mitigates this attack

Trust: 2.25

sources: NVD: CVE-2021-40444 // JVNDB: JVNDB-2021-002681 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-40444

AFFECTED PRODUCTS

vendor:microsoftmodel:windows 7scope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:windows server 2008scope:eqversion:r2

Trust: 1.0

vendor:microsoftmodel:windows 10 1909scope:ltversion:10.0.18363.1801

Trust: 1.0

vendor:microsoftmodel:windows 10 1607scope:ltversion:10.0.14393.4651

Trust: 1.0

vendor:microsoftmodel:windows 10 2004scope:ltversion:10.0.19041.1237

Trust: 1.0

vendor:microsoftmodel:windows 10 1507scope:ltversion:10.0.10240.19060

Trust: 1.0

vendor:microsoftmodel:windows rt 8.1scope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:windows server 2008scope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:windows server 2012scope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:windows server 2019scope:ltversion:10.0.17763.2183

Trust: 1.0

vendor:microsoftmodel:windows server 2022scope:ltversion:10.0.20348.230

Trust: 1.0

vendor:microsoftmodel:windows server 20h2scope:ltversion:10.0.19042.1237

Trust: 1.0

vendor:microsoftmodel:windows 10 21h1scope:ltversion:10.0.19043.1237

Trust: 1.0

vendor:microsoftmodel:windows server 2004scope:ltversion:10.0.19041.1237

Trust: 1.0

vendor:microsoftmodel:windows server 2016scope:ltversion:10.0.14393.4651

Trust: 1.0

vendor:microsoftmodel:windows 10 20h2scope:ltversion:10.0.19042.1237

Trust: 1.0

vendor:microsoftmodel:windows 10 1809scope:ltversion:10.0.17763.2183

Trust: 1.0

vendor:microsoftmodel:windows 8.1scope:eqversion: -

Trust: 1.0

vendor:マイクロソフトmodel:microsoft windows server 2012scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows server 2008scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2012 r2 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2022 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows rt 8.1scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2012 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2008 for 32-bit systems sp2 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows 8.1scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2022

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2019

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:20h2 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2008 for x64-based systems sp2

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2016

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows 7scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows server 2022scope:eqversion: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2008 for x64-based systems sp2 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2008 r2 for x64-based systems sp1 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2012

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2008 for 32-bit systems sp2

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows server 2019scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2012 r2

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2004 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows server 2016scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2016 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows 10scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows server 2022scope:eqversion:(server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2019 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2008 r2 for x64-based systems sp1

Trust: 0.8

sources: JVNDB: JVNDB-2021-002681 // NVD: CVE-2021-40444

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-40444
value: HIGH

Trust: 1.8

secure@microsoft.com: CVE-2021-40444
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-350
value: HIGH

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2021-40444
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

secure@microsoft.com:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 5.3
version: 3.1

Trust: 1.0

NVD: CVE-2021-40444
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-002681 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-350 // NVD: CVE-2021-40444 // NVD: CVE-2021-40444

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-002681 // NVD: CVE-2021-40444

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202109-350

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-40444

PATCH
title:Microsoft MSHTML Remote Code Execution Vulnerability Security Update Guideurl:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-40444
Trust: 0.8
title:MSHTML Fixes for code injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=161636
Trust: 0.6
title:CVE-2021-40444url:https://github.com/darksprings/cve-2021-40444 
Trust: 0.1
title:cve-2021-40444url:https://github.com/jamesrep/cve-2021-40444 
Trust: 0.1
title:MSHTMHellurl:https://github.com/amartinsec/mshtmhell 
Trust: 0.1
title:MSHTHellurl:https://github.com/amartinsec/mshthell 
Trust: 0.1
title:CVE-2021-40444_buildersurl:https://github.com/aslitsecurity/cve-2021-40444_builders 
Trust: 0.1
title:CVE-2021-40444url:https://github.com/lockedbyte/cve-2021-40444 
Trust: 0.1
title:Exploit-PoC-CVE-2021-40444-inject-ma-doc-vao-docxurl:https://github.com/nightrelax/exploit-poc-cve-2021-40444-inject-ma-doc-vao-docx 
Trust: 0.1
title:cve-2021-40444-analysisurl:https://github.com/immersive-labs-sec/cve-2021-40444-analysis 
Trust: 0.1
title:CVE-2021-40444url:https://github.com/ozergoker/cve-2021-40444 
Trust: 0.1
title:CVE-2021-40444-docx-Generateurl:https://github.com/lagal1990/cve-2021-40444-docx-generate 
Trust: 0.1
title:CVE-2021-40444url:https://github.com/kozmer/cve-2021-40444 
Trust: 0.1
title:CVE-2021-40444url:https://github.com/fanqxu/cve-2021-40444 
Trust: 0.1
title:CVE-2021-40444url:https://github.com/vysecurity/cve-2021-40444 
Trust: 0.1
title:CVE-2021-40444url:https://github.com/v0lk3n/cve-2021-40444 
Trust: 0.1
title:CVE-2021-40444-docx-Generateurl:https://github.com/fengjixuchui/cve-2021-40444-docx-generate 
Trust: 0.1
title:CVE-2021-40444-Sampleurl:https://github.com/udyz/cve-2021-40444-sample 
Trust: 0.1
title:VilNEurl:https://github.com/vilne-scanner/vilne 
Trust: 0.1
title:YangsirStudyPlanurl:https://github.com/yangsirrr/yangsirstudyplan 
Trust: 0.1
title:BleepingComputerurl:https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-exploits-shared-on-hacking-forums/
Trust: 0.1
title:BleepingComputerurl:https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/
Trust: 0.1
title:Threatposturl:https://threatpost.com/microsoft-zero-day-rce-flaw-in-windows/169273/
Trust: 0.1
title:The Registerurl:https://www.theregister.co.uk/2021/09/07/microsoft_office_zero_day/
Trust: 0.1
title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/microsoft-shares-temp-fix-for-ongoing-office-365-zero-day-attacks/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-40444 // 
            
            
            
            JVNDB: JVNDB-2021-002681 // 
            
            
            
            CNNVD: CNNVD-202109-350

EXTERNAL IDS
db:NVDid:CVE-2021-40444
Trust: 2.5
db:PACKETSTORMid:165214
Trust: 1.6
db:PACKETSTORMid:164210
Trust: 1.6
db:PACKETSTORMid:167317
Trust: 1.6
db:JVNDBid:JVNDB-2021-002681
Trust: 0.8
db:CS-HELPid:SB2021041363
Trust: 0.6
db:CNNVDid:CNNVD-202104-975
Trust: 0.6
db:CS-HELPid:SB2021090712
Trust: 0.6
db:CXSECURITYid:WLB-2022060003
Trust: 0.6
db:CXSECURITYid:WLB-2021120045
Trust: 0.6
db:CNNVDid:CNNVD-202109-350
Trust: 0.6
db:VULMONid:CVE-2021-40444
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-40444 // 
            
            
            
            JVNDB: JVNDB-2021-002681 // 
            
            
            
            CNNVD: CNNVD-202104-975 // 
            
            
            
            CNNVD: CNNVD-202109-350 // 
            
            
            
            NVD: CVE-2021-40444

REFERENCES
url:http://packetstormsecurity.com/files/164210/microsoft-windows-mshtml-overview.html
Trust: 2.2
url:http://packetstormsecurity.com/files/165214/microsoft-office-word-mshtml-remote-code-execution.html
Trust: 2.2
url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-40444
Trust: 1.6
url:http://packetstormsecurity.com/files/167317/microsoft-office-msdt-follina-proof-of-concept.html
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2021-40444
Trust: 0.8
url:https://www.ipa.go.jp/security/ciadr/vul/20210915-ms.html
Trust: 0.8
url:https://www.jpcert.or.jp/at/2021/at210041.html
Trust: 0.8
url:https://www.cybersecurity-help.cz/vdb/sb2021041363
Trust: 0.6
url:https://vigilance.fr/vulnerability/windows-code-execution-via-mshtml-activex-36328
Trust: 0.6
url:https://cxsecurity.com/issue/wlb-2022060003
Trust: 0.6
url:https://cxsecurity.com/issue/wlb-2021120045
Trust: 0.6
url:https://www.cybersecurity-help.cz/vdb/sb2021090712
Trust: 0.6
url:https://github.com/darksprings/cve-2021-40444
Trust: 0.1
url:https://threatpost.com/microsoft-zero-day-rce-flaw-in-windows/169273/
Trust: 0.1
url:https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-40444
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-40444 // 
            
            
            
            JVNDB: JVNDB-2021-002681 // 
            
            
            
            CNNVD: CNNVD-202104-975 // 
            
            
            
            CNNVD: CNNVD-202109-350 // 
            
            
            
            NVD: CVE-2021-40444

CREDITS
JMousqueton
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202109-350

SOURCES
db:VULMONid:CVE-2021-40444
db:JVNDBid:JVNDB-2021-002681
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202109-350
db:NVDid:CVE-2021-40444

LAST UPDATE DATE
2024-07-30T23:10:06.488000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2021-002681date:2021-09-29T06:42:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202109-350date:2022-07-14T00:00:00
db:NVDid:CVE-2021-40444date:2024-07-29T19:38:46.307

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2021-002681date:2021-09-29T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202109-350date:2021-09-07T00:00:00
db:NVDid:CVE-2021-40444date:2021-09-15T12:15:16.467