Testing for CVE-2021-40444 vulnerability

There are current concerns around:

Microsoft MSHTML Remote Code Execution Vulnerability

which is yet to have a patch made available.

I found this excellent article:

CLICK ME IF YOU CAN, OFFICE SOCIAL ENGINEERING WITH EMBEDDED OBJECTS

which provides some PowerShell scripts to create Word documents that can be used to test for the vulnerability.

I have run these scripts to create the actual Word documents and uploaded them for you here:

Office365/example at master · directorcia/Office365 (github.com)

2021-09-11_10-21-14

In both cases, when you open these documents, you should NOT be able to get CALC.EXE to execute on your system, unlike what you see above and below.

test2-screen

I have also added these tests to my security testing script which you can download from my GitHub repo here:

Office365/sec-test.ps1 at master · directorcia/Office365 (github.com)

image

When I opened these documents in my production environment, the vulnerability was largely blocked thanks to Windows ASR which I have detailed previously:

Attack surface reduction for Windows 10

You can use the following KQL query, as I did above, to view the result of this blocking if you are using something like Azure Sentinel like I am:

Another great security add on for Microsoft 365

KQL:

DeviceEvents
| where ActionType startswith 'Asr'
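
To narrow that view to the Word test documents, the query below (an added example, not from the original post) summarises the ASR events raised by Word per device and shows whether each rule blocked the action or only audited it. It assumes the Microsoft Defender for Endpoint DeviceEvents schema and that Word (winword.exe) is recorded as the initiating process; the seven-day window is arbitrary.

```kql
// Added example: ASR events triggered by Word, grouped by device and rule.
// Assumption: the test documents were opened in Word within the last 7 days.
DeviceEvents
| where Timestamp > ago(7d)
| where ActionType startswith "Asr"
| where InitiatingProcessFileName =~ "winword.exe"
// ASR action types end in "Blocked" or "Audited" depending on the rule mode.
| extend Mode = case(ActionType endswith "Blocked", "Block",
                     ActionType endswith "Audited", "Audit",
                     "Other")
// FileName is the program Word tried to start (for example calc.exe).
| summarize Events = count(),
            LastSeen = max(Timestamp),
            Targets = make_set(FileName, 20)
    by DeviceName, ActionType, Mode
| sort by LastSeen desc
```

A device that shows only Audit rows for the test documents logged the attempt but did not stop it, so its ASR rules need to be moved to block mode.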

Need to Know podcast–Episode 273

Listen along as I speak with IT business owner David Nicholls from Solve Business Services on his journey to becoming a ‘modern’ cloud IT Professional. David shares the successful processes and approaches he has taken to ‘transform’ his business to be providing cloud support services.

Also, plenty of news and updates from the Microsoft Cloud, including the announcement date for Windows 11, so tune in to stay up to date.

This episode was recorded using Microsoft Teams and produced with Camtasia 2020.

Brought to you by www.ciaopspatron.com

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

Episode 273 – David Nicholls (podbean.com)

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

David Nicholls – Web, Linkedin

Windows 11 available on October 5

Windows 11 preview is now available on Azure Virtual Desktop

Introducing Microsoft Defender for Endpoint Plan 1

Get free DMARC visibility with Valimail Authenticate and Microsoft Office 365

Announcing Apple M1 native support for Microsoft Defender for Endpoint

Simplifying the Quarantine Experience

Securing your Windows 365 Cloud PCs

Troubleshoot Windows 365 Business Cloud PC setup issues

Power Platform Community Monthly Webinar – October 2021


Join us for our next Power Platform Community webinar. The idea behind these is to share the latest news and events about the Microsoft Power Platform as well as share some of the things that we have learned recently in the hope that it can help others.


There’ll be 3 major presenters:
Andrew Gallagher
Bill Mallet
Yeoman Yu

who’ll share their knowledge, answer any questions you may have and then provide a tutorial on using Power Automate.


Come and join us by registering here:


https://bit.ly/ppc1021


If you wish to join our community and be part of the regular discussion and participation on the Microsoft Power Platform you can join via:
CIAOPS Patron
(look for the Power Platform option here to join us).
We look forward to seeing you on the webinar.

CIAOPS Need to Know Microsoft 365 Webinar – September


Join me for the free monthly CIAOPS Need to Know webinar. Along with all the Microsoft Cloud news we’ll be taking a look at the newly announced Windows 365 and how it plays into the modern workplace.

Shortly after registering you should receive an automated email from Microsoft Teams confirming your registration, including all the event details as well as a calendar invite! Yeah Teams webinars.

You can register for the regular monthly webinar here:

September Webinar Registrations

The details are:

CIAOPS Need to Know Webinar – September 2021
Thursday 30th of September 2021
11.00am – 12.00am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.

Power Platform Community September webinar

After recently

Announcing the CIAOPS Patron Power Platform community – CIAOPS

I’m pleased to say that we have also kicked off the first of our monthly webinars. The recording is available here:

Patron Power Platform Community September Webinar – YouTube

and the slides are here:

https://www.slideshare.net/directorcia/patron-power-platfom-community-september-2021-webinar

Let us know what you think and watch out for our new webinar in October.

Verify Endpoint Manager Service release

image

To verify the release you are on with your Microsoft Endpoint Manager environment, navigate to:

https://endpoint.microsoft.com

1. Select Tenant administration from the menu on the left.

2. Ensure that Tenant details is selected as shown above.

3. Look for the Service release heading on the right as shown above.

The version number here is also linked to:

What’s new in Microsoft Intune

which provides more granular information about what capabilities have been added to the environment.

Remember, these service updates occur regularly, so ensure you check the updates regularly.

Power Platform Community Monthly Webinar – September 2021


Join us for our first Power Platform Community webinar. The idea behind these is to share the latest news and events about the Microsoft Power Platform as well as share some of the things that we have learned recently in the hope that it can help others.

There’ll be 3 major presenters:

Andrew Gallagher

Bill Mallet

Yeoman Yu

who’ll share their knowledge, answer any questions you may have and then provide a tutorial on using Microsoft Forms as a trigger for Power Automate.

Come and join us by registering here:

https://bit.ly/ppc0921

If you wish to join our community and be part of the regular discussion and participation on the Microsoft Power Platform you can join via:

CIAOPS Patron

(look for the Power Platform option here to join us).

We look forward to seeing you on the webinar.