What is CVE-2021-40444?

On September 7, 2021, Microsoft released an advisory on a zero-day vulnerability (CVE-2021-40444) in Microsoft MSHTML that adversaries are actively exploiting through Microsoft Office documents. Microsoft has provided workarounds as a temporary mitigation until it releases a patch.

What is Microsoft MSRC?

The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services, and provides the information here as part of the ongoing effort to help you manage security risks and help keep your systems protected.

When was the CVE published in the security advisory of Microsoft?

September 7, 2021
On September 7, 2021, Microsoft released a security advisory for CVE-2021-40444 containing a partial workaround. As is routine in these instances, Microsoft was working to ensure that the detections described in the advisory would be in place and a patch would be available before public disclosure.

What does CVE stand for?

Common Vulnerabilities and Exposures
CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed computer security flaws. When someone refers to a CVE, they mean a security flaw that’s been assigned a CVE ID number. Security advisories issued by vendors and researchers almost always mention at least one CVE ID.

What does MSRC stand for?


  • MSRC: Microsoft Security Response Center
  • MSRC: Major Shared-Resource Center (Army Research Laboratory)
  • MSRC: Major Shared Resource Center
  • MSRC: Modular Software Programmable Radio Consortium

What are the most common vulnerabilities found in Windows 10?

Top 10 Windows 10 Vulnerabilities

  • Microsoft Windows Journal Vulnerability (MS15-098)
  • Internet Explorer Vulnerabilities (MS15-079)
  • Microsoft Graphics Component Vulnerabilities (MS15-080)
  • Microsoft Edge Vulnerabilities (MS15-091)
  • Windows 10 Mount Manager Vulnerability (CVE-2015-1769, MS15-085)

What is a CVE release?

CVEs are for software that has been publicly released; this can include betas and other pre-release versions if they are widely used. Commercial software is included in the “publicly released” category; however, custom-built software that is not distributed would generally not be given a CVE.

What is CVE patching?

The CVE (Common Vulnerabilities and Exposures) number is a unique identifier used by vendors such as Microsoft, Red Hat, and Adobe to catalog individual vulnerabilities where patches are provided as a resolution. By analogy, every page of a book has a unique number.