Microsoft MSHTML Remote Code Execution Vulnerability
Identifier: CVE-2021-40444
Exploit or POC: Yes
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
Description: CVE-2021-40444 allows an attacker to remotely execute code on a host via the vulnerable MSHTML component. This vulnerability is actively being exploited and being used to install CobaltStrike payloads onto vulnerable hosts.
Mitigation recommendation: RedLegg recommends patching this vulnerability as soon as possible. Microsoft has offered alternative mitigation steps if patching is not possible at this time. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444.