• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Project of the Week
  • About Us
    SEARCH
Compliance, IT Infrastructure, Network Security, News

What You Need To Know About The MSHTML Vulnerability

Microsoft warns of a new 0-day that allows attackers to perform remote code execution via a malicious ActiveX control and an Office document.

September 9, 2021 Zachary Comeau Leave a Comment

Microsoft January Patch Tuesday
wolterke/stock.adobe.com

Microsoft is warning of a new zero-day vulnerability in Windows MSHTML that allows attackers to perform remote code execution via a malicious ActiveX control and a Microsoft Office document.

Microsoft and CISA issued warnings about the vulnerability this week, with both saying the vulnerability has been exploited in the wild. It has been assigned to CVE-2021-40444.

Hackers are attempting to exploit this vulnerability by using specially crafted Microsoft Office documents that hosts the browser rendering engine. An attacker then has to convince a user to open the malicious document.

According to Microsoft, the attacks target administrators and other users with elevated privileges, and users with lower rights could be less impacted.

The company’s advisory says Microsoft Defender Antivirus and Defender for Endpoint both provide detection and protections for this vulnerability, but customers should keep antimalware products up to date or enable automatic updates.

Enterprise admins who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Defender for Endpoint alerts will be displayed as “Suspicious Cpl File Execution”, the company says.

Microsoft says Office will open documents from the internet in Protected View or Application Guard for Office to prevent the malicious document from providing network access. That is a default setting, so make sure it hasn’t been changed.

Although no patch has been issued yet, Microsoft did issue a workaround that includes disabling the installation of all ActiveX control sin Internet Explorer, which can be done by updating the registry.

Previously installed ActiveX controls will continue to run, but do not expose this flaw, the company says.

However, an incorrect use of Registry Editor can cause serious problems to the operating system that may require a reinstallation, so follow Microsoft’s workaround instructions closely.

What is MSHTML? The vulnerability explained

According to a blog from cybersecurity firm Malwarebytes, MSHTML is a software component that is used to render web pages on Windows. It’s usually associated with Internet Explorer, but it is also used in other software, including some versions of Skype, outlook, Visual Studio and more.

The company called MSHTML the “beating heart” of Internet Explorer, thus the vulnerability also exists in that browser. That browser is rarely used these days with Microsoft pushing its Edge browser and Chrome, Firefox and others becoming more popular. However, MSHTML is used by Office applications to display web content in Office documents, the cybersecurity company says.

The attack depends on MSHTML loading a specially crafted ActiveX control when a target opens a malicious Office document. The loaded ActiveX control can then run arbitrary code to infect the system with more malware, according to Malwarebytes.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Tagged With: Microsoft, MSHTML, Vulnerability

Related Content:

  • Cloud, SASE, Aryaka How the Cloud is Redefining Media Production and…
  • Singlewire Software mass notification interview Singlewire Software on Mass Notification Solutions
  • URI catchbox 1 Catchbox Plus: The Mic Solution That Finally Gave…
  • Engaging virtual meeting with diverse participants discussing creative ideas in a bright office space during daylight hours Diversified Survey: Workplace AV Tech is Falling Short,…

Free downloadable guide you may like:

  • Practical Design Guide for Office SpacesPractical Design Guide for Office Spaces

    Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-face time with co-workers. When designing the office spaces — and meeting spaces in particular — enabling that connection between co-workers is crucial. But introducing the right collaboration technology in meeting spaces can […]

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Contact Us
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSYour Privacy ChoicesTERMS OF USEPRIVACY POLICY

© 2025 Emerald X, LLC. All rights reserved.