Solution
- What is CVE-2021-40444?
- Does ESET protect me from CVE-2021-40444?
- Disable ActiveX Controls in Internet Explorer
- Latest updates
What is CVE-2021-40444?
On September 7, 2021, Microsoft released a Security Vulnerability report of a remote code execution vulnerability (known as CVE-2021-40444 ) in MSHTML that affects Microsoft Windows.
CVE-2021-4044 affects the "MSHTML" component of Internet Explorer (IE) on Windows 10 and other Windows Server versions. IE has decreased in popularity, but the browser is still a component of operating systems like Microsoft Office.
Does ESET protect me from CVE-2021-40444?
ESET is investigating reports of a remote code execution vulnerability CVE-2021-40444 and is adding detections for known samples exploiting the vulnerability.
We recommend the following mitigation for protection:
- Disable ActiveX in Internet Explorer
- Avoid opening documents you were not expecting
- Look for a patch from Microsoft
Disable ActiveX controls in Internet Explorer
- Open Internet Explorer.
- From the Tools drop-down menu, click Manage Add-Ons.
- From the Show drop-down menu, confirm that All Add-Ons is selected.
- Click an add-on in a list.
- Click Disable next to ActiveX.
- Repeat steps 4 and 5 for every ActiveX control in the Manage Add-Ons window.
- Click Close to dismiss the Manage Add-Ons window.
Latest updates
For the latest details and mitigation steps for CVE-2021-40444, see Microsoft's full article.
For more information on the CVE-2021-40444 vulnerability, see our discussion in the ESET Security Forum.