Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

New Blog Post | Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

Microsoft

Figure2-attack-chain.png

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability | Microsoft Security Blog

In August, Microsoft Threat Intelligence Center (MSTIC) identified a small number of attacks (less than 10) that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon loaders. These loaders communicated with an infrastructure that Microsoft associates with multiple cybercriminal campaigns, including human-operated ransomware.

1 Reply
Thank you for sharing.
A good news is most Anti-Malware products including Microsoft Defender are able to detect and block this exploit. So if someone send a malicious file, it will be blocked by Microsoft Defender.
However everyone have to make sure deploy updates as soon as possible.