Microsoft patches Internet Explorer zero-day under active attack

The latest wave of Patch Tuesday fixes also included several updates to address the Print Spooler component in Windows

Microsoft has issued a fix for an actively exploited zero-day vulnerability embedded in the browser engine that powers legacy Internet Explorer as part of its latest wave of Patch Tuesday updates.

Users are being urged to apply the patch for the vulnerability tracked as CVE-2021-40444, which has been exploited in limited, targeted attacks prior to being disclosed last week.

The flaw, rated 8.8 out of ten on the CVSS threat severity scale, is a remote code execution vulnerability in the MSHTML browser engine that powers Internet Explorer. It allows hackers to craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser engine, which they then trick victims into opening.

Researchers with EXPMON and Mandiant first detected the vulnerability before reporting it to Microsoft, with the former labelling the exploit as “a highly sophisticated zero-day attack”. They added that the exploit uses “logical flaws”, so abusing the vulnerability is perfectly reliable and dangerous.

This vulnerability has been fixed alongside 66 bugs in core Microsoft products and 20 flaws in the Chromium-based Edge browser as part of September’s Patch Tuesday round of fixes. The products affected this month include Azure, Office, SharePoint Server, Windows, Windows DNS and the Windows Subsystem for Linux. 

This month’s round of updates also includes yet more fixes for flaws in the Print Spooler component, which gave Windows users and IT admins several headaches earlier in the year.

The latest flaws - tracked as CVE-2021-38671, CVE-2021-38667 and CVE-2021-40447 - are all elevation of privilege flaws and haven’t been exploited in the wild, unlike many previous Print Spooler vulnerabilities. They have, however, all been assigned a rating of 7.8 out of ten on the CVSS threat severity scale.

They’ve also come alongside an update for the remote code execution flaw in Print Spooler tracked as CVE-2021-36958, which was first disclosed on 11 August. This vulnerability was first discovered in December 2020, and allows an attacker to run arbitrary code on targeted machines with system-level privileges. This then lets them install programs as well as view and edit data. Microsoft said last month that functional exploit code was available, but that there were no signs it was being abused.

This round of Patch Tuesday updates dwarfs the 44 fixes released in August, although Microsoft generally tends to patch far more in any given month. The July wave of updates, for example, included patches for 117 separate vulnerabilities in Microsoft products.
