InnerCircle Client Advisory: New Microsoft MSHTML Vulnerabilities

September 15th, 2021

New threats to Windows operating systems and Microsoft Office products

Incident Summary

InnerCircle has been tracking newly disclosed vulnerabilities in the Microsoft Windows operating systems and Office software products. Exploitation relies on a weakness in MSHTML, the browser engine that underlies Internet Explorer and is used across the operating system. An attacker could craft a malicious Microsoft Office document and attempt to convince the user to open it.

All modern Windows operating systems are susceptible to this attack. Currently, there is no patch available, but Microsoft is urging users to mitigate with workarounds until a formal fix is released.

More details regarding the incident can be found here:

Microsoft Releases Mitigations and Workarounds for CVE-2021-40444 | CISA

CVE-2021-40444 - Security Update Guide - Microsoft - Microsoft MSHTML Remote Code Execution Vulnerability

InnerCircle Client Guidance

In light of these developments, and in close consultation with leaders in the cybersecurity community, we have proactively implemented temporary mitigations and protections within your environment to protect your organization from these threats.

This includes:

  • Disabling the installation of all ActiveX controls in Internet Explorer
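
One way to confirm on a workstation that this mitigation is in place, as an added example that is not InnerCircle's or Microsoft's own code. It assumes the mitigation is applied as the registry workaround Microsoft published for CVE-2021-40444 (URL actions 1001 and 1004 set to 3, Disable, under the machine policy key for zones 0 through 3); the function name is hypothetical.

```powershell
# Added example: audit the ActiveX-install policy values per Internet Explorer zone.
# Assumption: the mitigation uses the HKLM policy values from Microsoft's
# CVE-2021-40444 workaround (1001 and 1004 = 3 in zones 0-3).
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

$zones = [ordered]@{
    '0' = 'Local Machine'
    '1' = 'Local Intranet'
    '2' = 'Trusted Sites'
    '3' = 'Internet'
}
$actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
}

function Test-ActiveXInstallDisabled {   # hypothetical helper name
    foreach ($zone in $zones.Keys) {
        $path = "$base\$zone"
        foreach ($id in $actions.Keys) {
            $value = $null
            if (Test-Path -Path $path) {
                # A missing value yields $null rather than an error.
                $value = (Get-ItemProperty -Path $path -Name $id -ErrorAction SilentlyContinue).$id
            }
            [pscustomobject]@{
                Zone      = $zones[$zone]
                Action    = $actions[$id]
                Value     = if ($null -eq $value) { '(not set)' } else { $value }
                Compliant = ($value -eq 3)   # 3 = Disable
            }
        }
    }
}

$report = @(Test-ActiveXInstallDisabled)
$report | Format-Table -AutoSize

$failed = @($report | Where-Object { -not $_.Compliant })
if ($failed.Count -eq 0) {
    Write-Output 'ActiveX installation is disabled in all four zones.'
} else {
    Write-Output "$($failed.Count) setting(s) are missing or not set to Disable."
}

# The advisory notes a reboot is required; show when this machine last started.
(Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
```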

Our mitigation action will have limited impact on how employees work. However, please be advised that for the mitigation to be effective we must reboot your employee computers.

Due to the severity of this issue, we will be automatically rebooting client systems beginning this evening, 9/14 at 12:00 AM Eastern Time.

To prevent any loss of data, please ensure all open files and work are saved and/or closed prior to ending your workday this evening.

We remind you of the importance of continued diligence when working with email.

  • Never open attachments from senders you do not regularly communicate with.
  • Screen all requests for action to ensure appropriate context.
  • Be mindful of warning messages that your system presents as you work with attachments.

As we work to limit our clients' exposure, and while we await more permanent remedies from Microsoft, we ask for your understanding and patience.

Employee Communication

We ask that you broadly communicate these changes to the individual members of your organization. As always, if any IT issues arise you may contact our First Response Group via email at

How We Can Help

Unfortunately, the discovery and exploitation of operating system and software vulnerabilities have become routine. As much as we can do as IT professionals to strengthen defenses, weaknesses like this illustrate how vulnerable even well-defended systems can become. Whether the vector is a new vulnerability, a supply chain attack, a credential breach, or traditional malware, our goal is to assist our clients with reducing the impact of a security event should it occur. Aside from technology protections, this includes ensuring your organization has a clearly defined incident response plan, has identified acceptable recovery time objectives, and has implemented appropriate systems to support those objectives.

We continue to invest in security protections and remediations to minimize attack surfaces and mitigate risk for our clients, and we will update the InnerCircle client community on these efforts. If you have any questions about this incident or you would like to review your firm’s security posture more generally, please do not hesitate to contact us.