Zero-day bugs, succinctly described as “the malicious actors got here first”, occur where software manufacturers, in this case Microsoft, were “zero days” ahead of the bad guys. As it stands, there is currently no patch for this ailment. From what is currently known about the Windows Zero Day CVE-2021-40444 bug, the infiltration can occur as follows:

  • A malicious Microsoft Office file is opened from the internet. This can either be delivered as an email attachment or by downloading the file from a compromised web link.
  • An ActiveX control (embedded code) is included in this document. This code should not have unrestricted access to your computer.
  • Once the ActiveX code has access to your device, it activates the Windows MSHTML component, which is used primarily for viewing HTML-based web pages. The ActiveX code exploits a bug in the MSHTML component, giving it the same level of control as you have to view web pages. This allows the interloper to implant the malware of their choice onto the infected device.

HTML bugs can have cascading negative repercussions once ensconced in your device. While primarily connected with web browsing, a myriad of other business applications utilise HTML to facilitate the rendering and display of web-based content. The implication of this is that CVE-2021-40444 can enable cybercriminals to probe for vulnerabilities in many aspects of your operating system’s web-rendering code.

Mitigating the Threat

Until Microsoft patch this vulnerability, there are a number of steps you can take to reduce the risk of infection to your organisation from the Windows Zero Day CVE-2021-40444:

  1. Avoid opening any documents that you weren’t expecting to receive.
  2. Avoid the temptation of breaking out of Office Protected View.
  3. Consider enforcing Protected View permanently for all external content. To learn more about the utility and importance of Protected View, click here.
  4. Disable ActiveX controls that use the MSHTML web renderer. To learn more about how to enable or disable ActiveX settings in Office files, click here.
  5. Thoroughly communicate best practice guidelines for web security among all staff to help adherence. As with everything related to IT security, the weakest link in the chain will always be the human element.
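
For step 4, the following PowerShell script is an added example, not part of the original article: it reports whether installation of ActiveX controls is disabled by policy in each Internet Explorer security zone, and enforces the setting when run with `-Apply`. It assumes the registry workaround Microsoft published for CVE-2021-40444 (URL actions 1001 and 1004 set to 3 in zones 0 to 3); those values do not come from this page.

```powershell
# Added example: report (and with -Apply, enforce) the ActiveX install lockdown.
# Assumption: URL actions 1001 and 1004 set to 3 (Disable) in zones 0-3, the
# workaround Microsoft published for CVE-2021-40444; values are not from this page.
[CmdletBinding()]
param([switch]$Apply)   # without -Apply nothing is changed; -Apply needs admin rights

$base     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones    = @{ 0 = 'Local Machine'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet' }
$actions  = @{ '1001' = 'Download signed ActiveX controls'
               '1004' = 'Download unsigned ActiveX controls' }
$disabled = 3

$report = foreach ($zone in 0..3) {
    $key = Join-Path $base "$zone"
    foreach ($action in '1001', '1004') {
        # A missing key or value means the policy is not set for this zone.
        $current = $null
        if (Test-Path $key) {
            $current = (Get-ItemProperty -Path $key -Name $action -ErrorAction SilentlyContinue).$action
        }
        if ($Apply -and $current -ne $disabled) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name $action -Value $disabled `
                -PropertyType DWord -Force | Out-Null
            $current = $disabled
        }
        [pscustomobject]@{
            Zone     = $zones[$zone]
            Action   = $actions[$action]
            Value    = if ($null -eq $current) { 'not set' } else { $current }
            Hardened = ($current -eq $disabled)
        }
    }
}

$report | Format-Table -AutoSize
$open = @($report | Where-Object { -not $_.Hardened })
if ($open.Count -gt 0) {
    Write-Warning "$($open.Count) zone/action pairs still allow ActiveX installation."
    exit 1   # non-zero exit lets a management tool flag the device
}
```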

Follow us on Twitter and LinkedIn for updates on this ongoing threat.


Damien Mallon, Senior Systems Engineer, Datapac
