Mitigate CVE 2021 40444

Mitigate CVE-2021-40444 with XEOX

CVE-2021-40444 is a zero-day remote code execution vulnerability in MSHTML, a set of logical flaws that can be leveraged by remote, unauthenticated attackers to execute code on the target system.

Thankfully there are a few work arounds to mitigate this vunerability, one of the easiest is using XEOX.

In order for the XEOX variant to work, you first of all need a XEOX account. After you login to your account you have to do the following steps:

Go to Agent or Install Agent on the menu bar and install it. If you need help with the installation please read the instructions in Agent or read agent installation.

Under Job Center, select Jobs. In the gray menu bar you should select create.

When you create a job, you must first to give the job a name and select the devices the job should be run on, you can find more information regarding that on our help site

Afterwards, in order to mitigate the weakness, you need to create a file in the job creator. The name doesn’t matter but it should be a .reg file and you must enter the following code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsCurrentVersionInternet SettingsZones]
“1001”=dword:00000003
“1004”=dword:00000003

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsCurrentVersionInternet SettingsZones1]
“1001”=dword:00000003
“1004”=dword:00000003

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsCurrentVersionInternet SettingsZones2]
“1001”=dword:00000003
“1004”=dword:00000003

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsCurrentVersionInternet SettingsZones3] "1001"=dword:00000003 "1004"=dword:00000003

The next step is to use execute from the toolbox and enter the following:

/s is needed to execute a .rag file and CVE-2021-40444 should be replaced by the name of the before created file.

Now you just have to save the job and then you successfully and easily mitigated the CVE-2021-40444 vunerability.

References:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

https://www.heise.de/news/Attacken-auf-Windows-Vorsicht-vor-praeparierten-Office-Dokumenten-6185702.html

Angriff über Office-Dokumente auf Microsoft MSHTML (ActiveX) RCE-Schwachstelle (CVE-2021-40444)

Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444)

Share This Post

More blog posts

Uncategorized

What is Rootkit?

What is Rootkit A rootkit is a type of malicious software that is designed to gain privileged access to a computer system. Once a rootkit

Michael Satlow 20/03/2023

Cyber Security

Understanding PGP Encryption

Understanding PGP Encryption PGP (Pretty Good Privacy) is a cryptographic software program that provides secure communication by encrypting and decrypting data. PGP was created by

Markus Huber 17/03/2023

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Mitigate CVE 2021 40444

Mitigate CVE-2021-40444 with XEOX

Share This Post

More blog posts

What is Rootkit?

Understanding PGP Encryption

Company

Resources

ComplianCe