Exploits for nasty Internet Explorer bug found on hacking forums

News
By
published

Threat actors have already found a way around Microsoft’s original mitigations for the bug

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

In addition to sharing working exploits, threat actors are not sharing tutorials to help others fabricate their own attacks that make use of the recently discovered zero-day vulnerability in Internet Explorer’s browser engine Trident, also known as MSHTML, according to reports.

Microsoft disclosed the vulnerability, tracked as CVE-2021-40444, last week saying that it could be weaponized through malicious documents with ActiveX content to execute commands on a victim's computer remotely.

Soon after Microsoft’s disclosure, security researchers were able to spot documents on the internet with ActiveX content designed specifically to take advantage of CVE-2021-40444.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

BleepingComputer now reports that threat actors have started circulating guides and information regarding the vulnerability on underground hacking forums to help other malicious users craft exploits based on CVE-2021-40444.

No cure, only mitigations

Although software companies don’t disclose a vulnerability, until it has been fixed, Microsoft’s hand was forced after security vendors EXPMON and Mandiant both spotted the vulnerability being exploited. 

In response, Microsoft decided to disclose the vulnerability and shared mitigations, which involve blocking ActiveX controls and Microsoft Office document previews in Windows Explorer, to defang the exploit, even as the software giant works to create a patch to plug the vulnerability. 

However, researchers have since been able to modify the exploit not to use ActiveX, effectively bypassing Microsoft's mitigations. Threat actors reportedly had already discovered this workaround, and used it to create more spurious documents and instructions. 

The information is reportedly simple to follow and enables anyone to create their own working version of the CVE-2021-40444 exploit.

The good news however is that security programs such as Microsoft Defender have been equipped to detect and flag such malicious documents, which is the best users can hope for in the absence of an official fix.

Via BleepingComputer

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
A pair of hands using a keyboard
Microsoft SharePoint hijacked to spread Havoc malware
The best free firewall
Microsoft fixes Power Pages security flaw, tells users to be on their guard
Flag of the People&#039;s Republic of China overlaid with a technological network of wires and circuits.
One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years
Representational image depecting cybersecurity protection
Hackers are breaking SonicWall products to target business networks
Cyber-security
Top file-sharing tools are being hit by security attacks once again
Latest in Security
Woman shocked by online scam, holding her credit card outside
Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
Woman using iMessage on iPhone
UK government guidelines remove encryption advice following Apple backdoor spat
Cryptocurrencies
Ransomware’s favorite Russian crypto exchange seized by law enforcement
Wordpress brand logo on computer screen. Man typing on the keyboard.
Thousands of WordPress sites targeted with malicious plugin backdoor attacks
HTTPS in a browser address bar
Malicious "polymorphic" Chrome extensions can mimic other tools to trick victims
ransomware avast
Hackers spotted using unsecured webcam to launch cyberattack
Latest in News
MacBook Air mute key
The new M4 MacBook Air finally fixes an Apple keyboard annoyance that's been around for decades
A collage of Ellie and Joel in The Last of Us season 2
The Last of Us season 2's new trailer teases a huge showdown between Bella Ramsey's Ellie and Pedro Pascal's Joel, but the big moment I'm waiting for is still being held back
Apple iPhone 16 Pro Max REVIEW
New iPhone 17 Air leak may have revealed some key specs – and how it compares to the iPhone 17 Pro Max
Gaming with AI
I asked Gemini to play a text-based adventure game with me and the AI whisked me away to a word-based fantasy
Apple iPhone 16 Review
Three iPhone 17 model dummy units appear in a hands-on video leak
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
New Samsung Galaxy S25 Edge may have revealed some key details – including its price
More about security
Woman shocked by online scam, holding her credit card outside

Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
Cryptocurrencies

Ransomware’s favorite Russian crypto exchange seized by law enforcement
70mai 360 Omni 4K Dash Cam

I've reviewed dozens of dash cams, and 70mai's new rotating 4K dash cam is unlike any other
See more latest
Most Popular
International Space Station
Is the moon too far for your data? IBM's Red Hat is teaming up with Axiom Space to send a data center into space
Samsung NAND
Well, that's unexpected: Samsung will team up with its fiercest Chinese rival to produce next gen NAND flash
MacBook Air mute key
The new M4 MacBook Air finally fixes an Apple keyboard annoyance that's been around for decades
Gaming with AI
I asked Gemini to play a text-based adventure game with me and the AI whisked me away to a word-based fantasy
A collage of Ellie and Joel in The Last of Us season 2
The Last of Us season 2's new trailer teases a huge showdown between Bella Ramsey's Ellie and Pedro Pascal's Joel, but the big moment I'm waiting for is still being held back
Molecular hard drive
Chinese researchers are looking to create a revolutionary type of hard drive based on organic materials but huge unknowns remain
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 10 (game #1141)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 10 (game #372)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 10 (game #638)
Apple iPhone 16 Pro Max REVIEW
New iPhone 17 Air leak may have revealed some key specs – and how it compares to the iPhone 17 Pro Max