Skip to main content Skip to local navigation

Service Advisory – Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444)

 

A picture containing text  Description automatically generated

 

Service Advisory

 

Please share the following information with your teams.

 

Information Security has notified a zero-day Microsoft vulnerability (CVE-2021-40444). Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

 

Severity level 

CVSS Score: (High) 8.8

  

Description 

MSHTML is a browser rendering engine that is also used by Microsoft Office documents, and the attacks are said to utilize specially-crafted documents that targeted users would have to click.

 

Affected Versions:  Windows OS  

 

Impact 

A remote attacker could exploit this vulnerability to take control of an affected system.

 

Resolution 

Microsoft released the Mitigations and workarounds to address this vulnerability.

  

Reference 

https://us-cert.cisa.gov/ncas/current-activity/2021/09/07/microsoft-releases-mitigations-and-workarounds-cve-2021-40444

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

 

Contact:

UIT Client Services at askit@yorku.ca or 416 736 5800

 

PRIVACY POLICY | VISIT WWW.YORKU.CA
This email was sent by: York University, 4700 Keele Street, Toronto, Ontario M3J 1P3

This email is viewed best in Microsoft Outlook for web