September 15, 2021
Microsoft has released mitigations and workarounds to address a remote code execution vulnerability (CVE-2021-40444) in Microsoft Windows. An attacker could craft a malicious ActiveX control to be used in a Microsoft Office document and would then have to convince the user to open the affected document.
This type of attack could impact a public safety agency's ability to operate and could allow an attacker to easily take over a system. For example, when Office opens a document, it checks to see if it originated from the Internet. If so, Microsoft will open the document in "Protected View" and display a warning before a user clicks on "Enable Editing." Unfortunately, many users tend to ignore the warning and choose to edit, which will allow the vulnerability to impact the system through malicious ActiveX controls. Accounts configured to have fewer user rights on the system could be less impacted than accounts that operate with administrative user rights.
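The origin check described above can be audited by administrators. This is an added example, not part of the original notice or Microsoft's code. Windows records a downloaded file's origin in a `Zone.Identifier` alternate data stream (the "Mark of the Web"), and this Python sketch parses that stream's text to list Office documents marked as coming from the Internet or Restricted Sites zone. The function names, extension list and sample stream contents are constructed for illustration.

```python
"""Triage Office documents by their Mark-of-the-Web (Zone.Identifier) data."""
import configparser

# Illustrative extension list (an assumption, not taken from the advisory).
OFFICE_EXTENSIONS = (".doc", ".docx", ".docm", ".rtf", ".xls", ".xlsx", ".ppt", ".pptx")


def parse_zone_identifier(stream_text):
    """Return (zone_id, host_url) from Zone.Identifier text, or (None, None)."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(stream_text.lstrip("\ufeff"))
        zone_id = parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None, None  # missing or malformed mark: origin unknown
    return zone_id, parser.get("ZoneTransfer", "HostUrl", fallback=None)


def is_untrusted_origin(stream_text):
    """True for ZoneId 3 (Internet) or 4 (Restricted Sites)."""
    zone_id, _ = parse_zone_identifier(stream_text)
    return zone_id is not None and zone_id >= 3


def flag_documents(marks):
    """marks maps filename -> stream text (None if no stream). Return flagged names."""
    return sorted(
        name for name, text in marks.items()
        if name.lower().endswith(OFFICE_EXTENSIONS)
        and text is not None and is_untrusted_origin(text)
    )


# Constructed sample data standing in for streams read from disk.
SAMPLE_MARKS = {
    "invoice.docx": "[ZoneTransfer]\nZoneId=3\n"
                    "HostUrl=https://downloads.example.test/invoice.docx\n",
    "minutes.docx": None,                        # created locally, no mark
    "roster.xlsx": "[ZoneTransfer]\nZoneId=1\n",  # Local Intranet zone
    "setup.exe": "[ZoneTransfer]\nZoneId=3\n",    # marked, but not an Office file
    "notes.doc": "ZoneId=3\n",                    # malformed: no section header
}

if __name__ == "__main__":
    for name in flag_documents(SAMPLE_MARKS):
        zone, url = parse_zone_identifier(SAMPLE_MARKS[name])
        print(f"{name}: ZoneId={zone} HostUrl={url}")
```

On an NTFS volume the stream text can be read by opening the path with `:Zone.Identifier` appended to the file name.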
CISA encourages users and administrators to review Microsoft's Advisory and to implement the mitigations and workarounds. In addition, we strongly encourage you to sign up for U.S. Computer Emergency Readiness Team (US-CERT) alerts at us-cert.cisa.gov to receive timely, important updates. Visit cisa.gov/publication/communications-resiliency for additional cyber and communications resiliency resources.
Cybersecurity and Infrastructure Security Agency