
AshleyMartin
Microsoft
Sep 16, 2021

New Blog Post | Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability | Microsoft Security Blog

In August, Microsoft Threat Intelligence Center (MSTIC) identified a small number of attacks (less than 10) that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon loaders. These loaders communicated with an infrastructure that Microsoft associates with multiple cybercriminal campaigns, including human-operated ransomware.

  • Reza_Ameri
    Silver Contributor
    Thank you for sharing.
    The good news is that most anti-malware products, including Microsoft Defender, are able to detect and block this exploit. So if someone sends a malicious file, it will be blocked by Microsoft Defender.
    However, everyone has to make sure to deploy updates as soon as possible.
