HP Inc. has discovered exploits of the zero-day CVE-2021-40444 remote code execution vulnerability, which allows hackers to use specially designed Microsoft Office documents to exploit the MSHTML browser engine.
HP discovered the vulnerability on September 8, six days before Microsoft provided a patch, and it’s another sign that hackers are scrambling to weaponize fresh zero-day flaws, according to HP Inc.’s Wolf Security Threats Insight Report. Hackers use zero-day vulnerabilities to compromise networks, data, and other critical functions because the flaws were previously unknown or no patch has yet been released for them.
Attempts to exploit the vulnerability are said to be aimed at organizations in the R&D sector, the energy sector and large industrial sectors, banking and medical technology development sectors, telecommunications and the IT sector. HP revealed that its researchers discovered scripts to automate the attack on GitHub on September 10.
HP said, “Unless patched, the exploit enables attackers to compromise endpoints with very little user interaction.”
Alex Holland, a senior malware analyst on the HP Wolf Security threat research team, said, “The average time for a business to apply, test and fully deploy patches with the proper checks is 97 days, giving cyber criminals an opportunity to exploit this window of vulnerability.”
Holland said, “While only highly capable hackers could exploit this vulnerability at first, automated scripts have lowered the bar for entry, making this type of attack accessible to less knowledgeable and resourced threat actors.”