Microsoft states that their Defender for Endpoint products protect against CVE-2021-40444 (MSHTML). Do we have the same protection in Intercept X products?
Robert - Labs is working on this actively - you can follow Twitter updates here: https://twitter.com/SophosLabs/status/1435368778200666112?s=20
Here is also some guidance from Paul Ducklin: https://nakedsecurity.sophos.com/2021/09/08/windows-zero-day-mshtml-attack-how-not-to-get-booby-trapped/
For Intercept X, SophosLabs has seen this being used in the wild, and has already published protection for components including Troj/DocDl-AEEP, and for payloads including Troj/Agent-BHRO and Troj/Agent-BHPO.
We have published additional generic detections for this attack as well, including Exp/2140444-A for the initial DOCX attacks, Troj/JSExp-W for the remote HTML that the documents access, and Troj/Cabinf-A for the CAB.
@Alex - Checking on a query for you and will post it here for everyone.
Thank you for the information, Brian!