1. Vulnerability details
MSHTML (also known as Trident) is the browser engine of Microsoft's Internet Explorer. Although MSHTML is mainly used by the now-deprecated Internet Explorer browser, the component is also used by Office applications to render web-hosted content inside Word, Excel or PowerPoint documents.
Microsoft's MSHTML engine contains a code execution vulnerability, tracked as CVE-2021-40444. An attacker crafts an Office document containing a malicious ActiveX control and lures the user into opening it, thereby achieving remote code execution. When ActiveX controls are enabled on the user's host, an attacker can take control of the victim's host through this vulnerability.
At present Microsoft has not released a patch for this vulnerability. Since the vulnerability has already been detected being exploited in the wild, affected users are advised to check their systems promptly and apply mitigations.
2. Affected scope
CVE-2021-40444 mainly affects the following Windows versions:
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
3. Remediation advice
Microsoft has not yet provided a security patch for this vulnerability, but it can be mitigated by disabling ActiveX controls. The procedure is as follows (warning: incorrect use of Registry Editor can cause serious problems that may require reinstalling the operating system; back up the registry before proceeding):
Disabling ActiveX controls with a registry file:
1. Paste the following into a text file and save it with the .reg file extension:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000003
"1004"=dword:00000003
2. Double-click the .reg file to apply the configuration, then restart the computer.
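As an added example that is not part of the original advisory, the following PowerShell script audits whether the mitigation above is actually in place on a host (useful when rolling it out to many machines or verifying a .reg import) and, with the script's own -Apply switch, writes the same values from an elevated prompt. The registry path and value numbers are the ones used in the .reg file above; the script assumes nothing else.

```powershell
# Added example: audit (and optionally apply) the CVE-2021-40444 ActiveX mitigation.
# Run from an elevated PowerShell prompt; -Apply is this script's own switch.
param([switch]$Apply)

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
# 1001 = download signed ActiveX controls, 1004 = download unsigned ActiveX controls.
# A value of 3 means "Disable"; these are the values written by the .reg file above.
$expected = @{ '1001' = 3; '1004' = 3 }

$results = foreach ($zone in 0..3) {
    $path = Join-Path $base $zone
    if ($Apply) {
        # New-Item -Force is a no-op if the zone key already exists.
        New-Item -Path $path -Force | Out-Null
        foreach ($name in $expected.Keys) {
            New-ItemProperty -Path $path -Name $name -Value $expected[$name] `
                -PropertyType DWord -Force | Out-Null
        }
    }
    foreach ($name in $expected.Keys) {
        # Returns $null when either the key or the value is missing.
        $current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            Zone      = $zone
            Value     = $name
            Current   = if ($null -eq $current) { '<missing>' } else { $current }
            Expected  = $expected[$name]
            Mitigated = ($current -eq $expected[$name])
        }
    }
}

$results | Format-Table -AutoSize
if ($results.Mitigated -contains $false) {
    Write-Warning 'One or more zones still permit ActiveX download; rerun with -Apply from an elevated prompt.'
    exit 1
}
```

A non-zero exit code from the audit makes the script usable as a compliance check in configuration-management or endpoint-management tooling.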