CVE-2021-40444: Microsoft Critical Vulnerability, exploited

A critical vulnerability present in all current versions of Windows and Windows server was discovered on September 7, 2021. Microsoft reports that this vulnerability is currently being actively exploited by malicious groups.

The vulnerability in Internet Explorer and Microsoft Office allows an attacker to take remote control of a server or a PC through documents containing malicious Active-X controls.

On its website, Microsoft reports that they will not be able to make a patch available until at least September 14. Microsoft’s proposed temporary workaround involves changing registry keys to disable installation of Active-X controls.

Refer to Microsoft’s site for detailed instructions:

Without the bypass measure, Office provides basic protection by asking the user to allow editing of the document by clicking the “Enable Editing” button. Under no circumstances should this permission be given.


It is important to implement the circumvention measure quickly to avoid becoming a victim of the malicious groups that exploit this vulnerability. As always, Sémafor Conseil can help you if necessary.

Leave a Comment

Your email address will not be published. Required fields are marked *

Windows Security



Others posts: