Exploits for nasty Internet Explorer bug found on hacking forums

Threat actors have already found a way around Microsoft’s original mitigations for the bug

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

In addition to sharing working exploits, threat actors are not sharing tutorials to help others fabricate their own attacks that make use of the recently discoveredzero-day vulnerabilityinInternet Explorer’s browser engine Trident, also known as MSHTML, according to reports.

Microsoftdisclosed the vulnerability, tracked as CVE-2021-40444, last week saying that it could be weaponized through malicious documents with ActiveX content to execute commands on a victim’s computer remotely.

Soon after Microsoft’s disclosure, security researchers were able tospot documentson the internet with ActiveX content designed specifically to take advantage of CVE-2021-40444.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

BleepingComputernow reports that threat actors have started circulating guides and information regarding the vulnerability on underground hacking forums to help other malicious users craft exploits based on CVE-2021-40444.

No cure, only mitigations

Although software companies don’t disclose a vulnerability, until it has been fixed, Microsoft’s hand was forced after security vendors EXPMON and Mandiant both spotted the vulnerability being exploited.

In response, Microsoft decided to disclose the vulnerability andshared mitigations, which involve blocking ActiveX controls andMicrosoft Officedocument previews in Windows Explorer, to defang the exploit, even as the software giant works to create a patch to plug the vulnerability.

However, researchers have since been able tomodify the exploitnot to use ActiveX, effectively bypassing Microsoft’s mitigations. Threat actors reportedly had already discovered this workaround, and used it to create more spurious documents and instructions.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The information is reportedly simple to follow and enables anyone to create their own working version of the CVE-2021-40444 exploit.

The good news however is thatsecurity programssuch asMicrosoft Defenderhave been equipped to detect and flag such malicious documents, which is the best users can hope for in the absence of an official fix.

ViaBleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Washington state court systems taken offline following cyberattack

Is it still worth using Proton VPN Free?

Google Pixel 9 vs Samsung Galaxy S24: which base model is better?