Microsoft has identified a new zero-day vulnerability capable of attacking Windows 10 and certain versions of Windows Server systems. Microsoft has alerted users about this security flaw and suggested practical workarounds to reduce the risk of attacks. MiniTool Solution will present the newly discovered zero-day vulnerability from a few days ago and outline the practical mitigation strategies.

Hackers Can Exploit Your Windows Through CVE-2021-40444

Recently, a new zero-day vulnerability has been discovered. Hackers can utilize it to carry out attacks on Windows 10 and specific Windows Server machines. As of now, there is no official security update available to fix these systems. However, Microsoft has informed users about this security vulnerability and provided some helpful workarounds to mitigate the threat.

This new zero-day vulnerability is referred to as CVE-2021-40444. Hackers and attackers are exploiting it to execute code remotely on the targeted computer; even worse, they could gain full control over the PC.

A New Windows Print Spooler "PrintNightmare" Vulnerability Has Been Discovered.

Note: Developing a good practice of backing up the system and disk can help protect critical data from being lost due to disasters like unforeseen attacks. If your necessary files have already been lost before you had the opportunity to back them up, please use the following recovery software to retrieve them immediately.

Attackers Are Using Internet Explorer and Microsoft Office Documents

According to research, the security flaw CVE-2021-40444 can affect the MSHTML component in the Internet Explorer browser rendering engine running on Windows 10 and some Windows Server systems. However, if you believe you're safe because you never used Internet Explorer, you're mistaken. Why? Because Microsoft Office is also impacted by the remote code execution vulnerability.

The same vulnerable component—the rendering engine—is also utilized by Microsoft Office applications for rendering web-based content. Thus, if you inadvertently open trapped websites or specially crafted Microsoft Office documents, you'll become a victim.

1. The MSHTML will load when users open Office documents (.docx file types).
2. Subsequently, a specially crafted malicious webpage will appear.
3. The ActiveX control will be employed to bring the system to download the malware payload.

Caution:

The MSHTML remote code execution vulnerability affects users with fewer privileges less than those with higher privileges.

You Can Obtain Admin Rights On Windows 10 With A Razer Mouse.

Microsoft Warned Windows Users About CVE-2021-40444 And Provided Mitigations

On the morning of Sunday, September 5, 2021, a researcher at EXPMON reported this Windows security vulnerability to Microsoft. Following this, Microsoft published the page “Microsoft MSHTML Remote Code Execution Vulnerability” on its website to explain CVE-2021-40444 and offer details on exploitability, mitigations, workarounds, and more. Rest assured, Microsoft is actively working on this issue and will release a security update to patch the vulnerability soon, either as part of the Patch Tuesday cycle or possibly as an out-of-band update beforehand.

All Windows 10 and Windows Server users should promptly implement mitigation measures until an official patch is released.

How to Mitigate the New Security Threat

Microsoft primarily suggests two approaches for mitigating CVE-2021-40444 at present.

#1. Update Antimalware Products

Users should ensure that Microsoft Defender Antivirus and Microsoft Defender for Endpoint are enabled and updated on their computers. Both products offer detection and protection against the known vulnerability.

• If you have already enabled Windows automatic updates, no additional action is required.
• For enterprise users who manage updates manually, they should opt for the detection build 1.349.22.0 or later and deploy it as soon as possible.

#2. Disable Internet Explorer ActiveX Controls

Microsoft stated that disabling the installation of all ActiveX controls in Internet Explorer effectively mitigates the known attack. Post this, the ActiveX controls previously installed on your PC won't expose this vulnerability, although they will continue to function.

Warning: Always back up your Registry before making any changes and exercise caution when editing the registries. Any errors could lead to severe issues requiring a reinstallation of your operating system. Use the Registry Editor at your own risk.

Steps to disable ActiveX controls via Group Policy:

1. Open Group Policy Editor on Windows 10.
2. Navigate to Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page in the left pane.
3. Double-click on Internet Zone in the right pane.
4. Double-click Download signed ActiveX controls.
5. Select Disabled and click OK.
6. Repeat steps 3 through 5 for all zones in the list to fully secure your system.

Additionally, you can disable ActiveX controls on an individual system via regkey or disable preview in Windows Explorer to further enhance protection.

The above is the detailed content of A New Windows Zero-Day Vulnerability Is Found: CVE-2021-40444. For more information, please follow other related articles on the PHP Chinese website!