Mitigate CVE-2021-40444 with XEOX

CVE-2021-40444 is a zero-day remote code execution vulnerability in MSHTML, a set of logical flaws that can be leveraged by remote, unauthenticated attackers to execute code on the target system.

Thankfully, there are a few workarounds to mitigate this vulnerability; one of the easiest is using XEOX.

For the XEOX variant to work, you first need a XEOX account. After you log in to your account, follow these steps:

  • Go to Agent or Install Agent on the menu bar and install it. If you need help with the installation, please read the instructions in Agent or read agent installation.

  • Under Job Center, select Jobs. In the gray menu bar, select Create.

  • When you create a job, you must first give the job a name and select the devices the job should run on. You can find more information on that on our help site.

  • Afterwards, to mitigate the weakness, you need to create a file in the job creator. The name doesn't matter, but it must be a .reg file, and you must enter the following code:

Windows Registry Editor Version 5.00

; 1001 = download signed ActiveX controls, 1004 = download unsigned ActiveX controls; 3 = Disable

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000003
"1004"=dword:00000003

  • The next step is to use execute from the toolbox and enter the following:

/s is needed to execute a .reg file, and CVE-2021-40444 should be replaced by the name of the previously created file.

  • Now you just have to save the job, and you have successfully and easily mitigated the CVE-2021-40444 vulnerability.
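To confirm on a device that the job took effect, the following PowerShell check reads back the eight values the .reg file writes. It is an added example, not part of the original post or of XEOX, and the function name and report layout are assumptions made for illustration.

```powershell
# Added example: verify the CVE-2021-40444 ActiveX workaround on the local machine.
# Save as a .ps1 file and run it in an elevated or normal PowerShell session (read-only).

$BasePath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones    = 0..3              # the four zone keys written by the .reg file
$Actions  = '1001', '1004'    # 1001 = download signed ActiveX, 1004 = download unsigned ActiveX
$Expected = 3                 # 3 = Disable

# Hypothetical helper name; returns one row per zone/action pair.
function Test-ActiveXWorkaround {
    foreach ($zone in $Zones) {
        $key = Join-Path $BasePath $zone
        foreach ($action in $Actions) {
            $value = $null
            if (Test-Path -LiteralPath $key) {
                # A missing value yields $null instead of an error.
                $item  = Get-ItemProperty -LiteralPath $key -Name $action -ErrorAction SilentlyContinue
                $value = $item.$action
            }
            [pscustomobject]@{
                Zone      = $zone
                Action    = $action
                Value     = $value
                Compliant = ($value -eq $Expected)
            }
        }
    }
}

$report = @(Test-ActiveXWorkaround)
$report | Format-Table -AutoSize

# A missing key, a missing value, or any value other than 3 counts as not mitigated.
if ($report.Compliant -contains $false) {
    Write-Output 'CVE-2021-40444 workaround: NOT fully applied'
    exit 1
}
Write-Output 'CVE-2021-40444 workaround: applied for zones 0-3'
exit 0
```

The non-zero exit code lets a job runner or monitoring tool flag devices where the values are missing or were overwritten.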
