Service Advisory – Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444)

Service Advisory

Please share the following information with your teams.

Information Security has notified a zero-day Microsoft vulnerability (CVE-2021-40444). Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

Severity level 

CVSS Score: (High) 8.8

Description 

MSHTML is a browser rendering engine that is also used by Microsoft Office documents, and the attacks are said to utilize specially-crafted documents that targeted users would have to click.

Affected Versions:  Windows OS  

Impact 

A remote attacker could exploit this vulnerability to take control of an affected system.

Resolution 

Microsoft released the Mitigations and workarounds to address this vulnerability.

Reference 

https://us-cert.cisa.gov/ncas/current-activity/2021/09/07/microsoft-releases-mitigations-and-workarounds-cve-2021-40444

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

Contact:

UIT Client Services at askit@yorku.ca or 416 736 5800

PRIVACY POLICY | VISIT WWW.YORKU.CA
This email was sent by: York University, 4700 Keele Street, Toronto, Ontario M3J 1P3

This email is viewed best in Microsoft Outlook for web