Cybersecurity Bulletin – Microsoft Vulnerability CVE-2021-40444

open lock indicating security breach

Microsoft has made us aware of a new threat against Windows operating systems and Office products. Known as CVE-2021-40444 this vulnerability is being actively exploited so it’s crucial that you stay informed and take the necessary measures to minimize your risk.

What's Happening

CVE-2021-40444 is a vulnerability that could allow a bad actor to take control of a system using malicious files or websites. Bad actors are sending out malicious emails and documents (Word, etc.) that leverage this vulnerability. An example of such a malicious document can be found below.

Example of Malicious Document
Example of a Malicious Document

While antivirus has been proven to respond to some of these threats, out of an abundance of caution for our clients, KiteTech is taking the extra steps of disabling the features that rely on the underlying MSHTML engine that’s being exploited. This may impact some carrier websites and advanced features in certain Word/Excel documents that you use.

How to Minimize Your Risk

We’re learning from our security partners that while Microsoft’s recommendations help a great deal, they do not completely mitigate the threat. There are still ways this exploit can be used.

Be sure to consult with your IT provider or internal IT team to ensure that you are well protected. As always, be extra skeptical of any emails, files, or web links that you weren’t expecting. If you do receive a document via email that you weren’t expecting, please don’t open it. If you have any questions, reach out to your IT Provider.

KiteTech is Here to Help

For additional information on this vulnerability, check out this article by KiteTech partner, Huntress: The Kite Technology team is also here to help. If you’d like to learn more about how our Managed IT and Security Services can help your organization operate more securely, don’t hesitate to reach out. We are here to help!

Jason Gobbel

Jason Gobbel

Chief Solutions Officer
Kite Technology Group