CVE-2021-40444 MSHTML

Question

Microsoft states that their Defender for Endpoint products protect against CVE-2021-40444 (MSHTML). Do we have the same protection in Intercept X products?

Brian Ritchie · Accepted Answer

Robert - Labs is working on this actively - you can follow twitter updates here: https://twitter.com/SophosLabs/status/1435368778200666112?s=20 
 Here is also some guidance from Paul Ducklin: https://nakedsecurity.sophos.com/2021/09/08/windows-zero-day-mshtml-attack-how-not-to-get-booby-trapped/ 
 For InterceptX, SophosLabs has seen this being used in the wild, and have already published protection for components including Troj/DocDl-AEEP, and for payloads including Troj/Agent-BHRO and Troj/Agent-BHPO. 
 We have published additional generic detections for this attack as well, including Exp/2140444-A for the initial DOCX attacks, Troj/JSExp-W for the remote HTML that the documents access, and Troj/Cabinf-A for the CAB. 
 @Alex - Checking on a query for you and will post it here for everyone.

CVE-2021-40444 MSHTML

Top Replies