- WHY AVERTIUM?
-
-
Why Avertium?
Context over chaos. Disconnected technologies, siloed data, and reactive processes can only get you so far. Protecting businesses in today’s threat landscape demands more than a set of security tools – it requires context.
That's where Avertium comes in
-
Considering Microsoft?
Avertium Named Microsoft Security Solutions PartnerAvertium’s managed services for Microsoft Security Solutions is delivered through the company’s premium service: Fusion MXDR. Fusion MXDR includes 24x7 monitoring and management of Defender for Endpoint and Sentinel, threat intelligence, attack surface
monitoring, and vulnerability management for Microsoft Security customers.
-
-
- SOLUTIONS
- COMPANY
- PARTNERS
-
-
Our Partners
Best-in-class technology from our partners... backed by service excellence from Avertium.
-
Partner Opportunity Registration
Interested in becoming a partner?
With Avertium's deal registration, partners can efficiently and confidently connect with Avertium on opportunities to protect your deals.
-
-
- NEWS & RESOURCES
- CONTACT
Overview
On September 7, 2021, Microsoft released a statement warning of targeted attacks attempting to exploit a remote code vulnerability found in Office 365 and Office 2019 on Windows 10. The vulnerability involves a zero-day remote code execution in MSHTML, which is Internet Explorers main HTML component.
CVE-2021-40444 is a vulnerability that becomes exploited when attackers create specially crafted, malicious Microsoft Office documents using ActiveX control. After sending the document, the attacker then tries to convince the victim to open the document so they can gain user rights on a system. Victims with administrative user rights over documents are more susceptible to these attacks than those who have less user rights.
Cyber Security researchers state that the exploit uses logical flaws and is dangerous – with a rating of 8.8 out of 10 on the Common Vulnerability Scoring System. There are currently no patches for the vulnerability, but Microsoft has published mitigations and workarounds to help keep your organization safe. If you have not already taken the steps to help protect your systems, please do so now by reading our recommendations below.
CVEs
CVE-2021-40444
How Avertium is Protecting Our Customers
We are currently pushing known IoCs to our managed SIEMs.
Recommendations
- Don’t open documents without being sure of the origin.
- Disable ActiveX controls in Internet Explorer.
- Be sure all documents from the internet are opened in Protected View or in Application Guard for Office. Opening in these programs ensures protection when opening documents from unknown/unexpected senders. Opening in Protected View or in Application Guard is Microsoft’s default, but you should never disable it.
Indicators of Compromise (IoCs)
- https://joxinu.com/ml[.]html
- http://45.147.229[.]242:22
- http://45.147.229[.]242:443
- http://dodefoh[.]com/
- 6eedf45cb91f6762de4e35e36bcb03e5ad60ce9ac5a08caeb7eda035cd74762b
- https://dodefoh.com/hr[.]html
- https://dodefoh[.]com/tab_shop_active
- http://hidusi[.]com/e8c76295a5f9acb7/
- 1d2094ce85d66878ee079185e2761beb
- 53b31e513d8e23e30b7f133d4504ca7429f0e1fe
- 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52
- http://dodefoh[.]com
- http://hidusi[.]com/e8c76295a5f9acb7/ministry.cab
- http://hidusi[.]com/e8c76295a5f9acb7/side.html
- dodefoh[.]com
- hidusi[.]com
- 0b7da6388091ff9d696a18c95d41b587
- 4c80dc9fb7483214b1613957aae57e2a
- e770385f9a743ad4098f510166699305
- 56a8d4f7009caf32c9e28f3df945a7826315254c
- 6c10d7d88606ac1afd30b4e61bf232329a276cdc
- e5f2089d95fd713ca3d4787fe53c0ec036135e92
- 1fb13a158aff3d258b8f62fe211fabeed03f0763b2acadbccad9e8e39969ea00
- d0fd7acc38b3105facd6995344242f28e45f5384c0fdf2ec93ea24bfbc1dc9e6
- 104.194.10[.]21
- 45.147.229[.]242
- http://dodefoh[.]com/tab_shop_active
- http://joxinu[.]com/ce
- http://joxinu[.]com/tab_shop_active
- joxinu[.]com
- bd4b9f4b79f8a9eedc12abe3919cecb041c61022485b87b3a5cdfd1891e30670
- macuwuf[.]com
- http://dodefoh[.]com/ml.html?dbprefix=false
- http://dodefoh[.]com/static-directory/media.gif
- http://dodefoh[.]com:443/
- http://joxinu[.]com/hr.html?dbprefix=false
- https://dodefoh[.]com/static-directory/media.gif
- https://macuwuf[.]com/get_load
- 108.62.118[.]69
- 45.153.241[.]127
- 23.106.160[.]25
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
https://redmondmag.com/articles/2021/09/07/microsoft-warns-malicious-office-docs.aspx
https://redmondmag.com/articles/2021/09/07/microsoft-warns-malicious-office-docs.aspx
