Skip to main content

HKCERT Urges Microsoft Windows Users to be Vigilant Against Malicious Exploit of Critical Vulnerability

(Hong Kong, 13 September 2021) The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council is urging local Microsoft Windows users to beware of a critical vulnerability recently discovered in various versions of the operating system. This vulnerability has been exploited in the wild. So far, Microsoft has not provided a patch to fix the vulnerability yet but has identified temporary workaround. Users are advised to seek information technology (IT) support to implement the workaround and monitor the development of the attacks and the availability of a patch.

Microsoft stated that this vulnerability is in MSHTML, a component used in Office applications to render web-hosted content. Attackers may persuade users to download and open a specially-crafted Office document containing a malicious ActiveX control. Once the user opens this document file, the attacker can remotely execute malicious code on the targeted system. According to Microsoft, although both Microsoft Defender Antivirus and Microsoft Defender for Endpoint can detect the vulnerability and provide relevant protection for the system, users are advised not to open any unknown and suspicious Office documents, and keep their Microsoft Defender Antivirus and Microsoft Defender for Endpoint up to date.

To avoid being affected by this vulnerability, IT administrators can consider applying the workaround solution provided by Microsoft to disable the installation of ActiveX controls. Previously-installed ActiveX controls will still run, but no new ones will be added, including malicious ones. Besides, Microsoft will release its monthly security update for September this week. Users could visit or subscribe the Security Bulletin of HKCERT website to get the latest information.

For more details, please refer to HKCERT Security Bulletin[1] or Microsoft security guide[2]. Should users have further questions, please do not hesitate to contact HKCERT via email: hkcert@hkcert.org or its 24-hour telephone hotline: 8105 6060. HKCERT will continue monitoring the latest development of the vulnerability and keep the public informed if there are any updates.

Reference Links:
[1] https://www.hkcert.org/security-bulletin/microsoft-windows-remote-code-execution-vulnerability_20210908
[2] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

- Ends -