Your systems are complicated and changing all the time

Not long-ago Microsoft patched a critical MSHTML remote code execution security flaw being tracked as CVE-2021-40444.

Beginning on August 18, 2021, the company spotted hackers exploiting this flaw in the wild. So far there have been fewer than ten attacks made that exploit this flaw but it's inevitable that the number will increase.

So far all of the attacks that have been tracked exploiting this flaw have relied on maliciously crafted Word documents and all have resulted in the installation of Cobalt Strike Beacon loaders.

Beacons deployed on at least one of the networks that were attacks communicated with infrastructure connected with a number of cybercrime campaigns. Those include the ones that utilize human-operated ransomware.

At least two of the other attacks tracked to date have delivered Trickbot and BazaLoader payloads. Microsoft observed a huge spike in exploitation attempts from multiple threat actors including some affiliated with ransomware-as-a-service operations.


This flaw has a patch for it

Microsoft is continuing to monitor the situation, but the bottom line is simply this: This flaw has been patched. Researchers connected with have independently verified that the exploit no longer works after applying the September 2021 security patch.

Hackers around the world are actively scanning for unpatched systems in order to exploit the vulnerability. If your system is vulnerable, then your risk in this instance is extreme. The best course of action is to patch your way out of danger at your earliest opportunity.

If for any reason you are unable to apply the patch be aware that Microsoft has published a viable workaround that includes disabling ActiveX controls via Group Policy and preview in Windows Explorer.


My perspective

Kudos to Microsoft for addressing the issue and for coming up with a workaround for those who are unable to patch their way to safety.


Too many of your staff use the Sgt. Schultz defense:

"I know NOTHING"


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work@home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.


Contact me if you would like me to speak for free to your association