Mitigate CVE-2021-40444

Mitigate CVE-2021-40444 with XEOX

CVE-2021-40444 is a zero-day remote code execution vulnerability in MSHTML, a set of logical flaws that can be leveraged by remote, unauthenticated attackers to execute code on the target system.

Thankfully, there are a few workarounds to mitigate this vulnerability. One of the easiest is using XEOX.

For the XEOX variant to work, you first need a XEOX account. After you log in to your account, follow these steps:

  • Go to Agent or Install Agent on the menu bar and install it. If you need help with the installation please read the instructions in Agent or read agent installation.

  • Under Job Center, select Jobs. In the gray menu bar you should select create.

  • When you create a job, you must first give the job a name and select the devices the job should run on. You can find more information about that on our help site.

  • Afterwards, in order to mitigate the weakness, you need to create a file in the job creator. The name doesn’t matter but it should be a .reg file and you must enter the following code:

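Windows Registry Editor Version 5.00

; 1001/1004 = download signed/unsigned ActiveX controls; 3 = disabled (values from Microsoft's published workaround)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000003
"1004"=dword:00000003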

  • The next step is to use execute from the toolbox and enter the following:

/s is needed to execute a .reg file, and CVE-2021-40444 should be replaced by the name of the file you created earlier.

  • Now you just have to save the job, and you have successfully and easily mitigated the CVE-2021-40444 vulnerability.
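To confirm on a device that the registry change took effect, the following PowerShell check can be run locally. It is an added example, not part of XEOX or of the original post, and it assumes the expected state is Microsoft's published workaround for CVE-2021-40444: values 1001 and 1004 set to 3 in zones 0 to 3.

```powershell
# Added example: verify the ActiveX-install lockdown on the local machine.
# Assumption: the expected state is Microsoft's published workaround for
# CVE-2021-40444 (values 1001 and 1004 set to 3 in zones 0-3).
$base    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones   = 0..3            # 0 = Local Machine, 1 = Intranet, 2 = Trusted, 3 = Internet
$actions = '1001', '1004'  # download signed / unsigned ActiveX controls
$expect  = 3               # 3 = disabled

$results = foreach ($zone in $zones) {
    $key = Join-Path $base $zone
    foreach ($action in $actions) {
        # A missing key or value yields $null, which is reported as not compliant.
        $actual = (Get-ItemProperty -Path $key -Name $action -ErrorAction SilentlyContinue).$action
        [pscustomobject]@{
            Zone      = $zone
            Action    = $action
            Actual    = if ($null -eq $actual) { '<not set>' } else { $actual }
            Compliant = ($actual -eq $expect)
        }
    }
}

$results | Format-Table -AutoSize

# Exit non-zero when any setting is missing or wrong, so a scheduler can flag the device.
$failed = @($results | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) of $($results.Count) settings do not match the workaround."
    exit 1
}
Write-Output 'All zones have ActiveX control installation disabled.'
exit 0
```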

