CVE-2021-26435
published 2021-09-15CVE-2021-26435: Windows Scripting Engine Memory Corruption Vulnerability
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
Windows Scripting Engine Memory Corruption Vulnerability
Affected
45 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1507 | >= 10.0.0 < 10.0.10240.19060 | 10.0.10240.19060 |
| microsoft | windows_10_version_1607 | >= 10.0.0 < 10.0.14393.4651 | 10.0.14393.4651 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.2183 | 10.0.17763.2183 |
| microsoft | windows_10_version_1909 | >= 10.0.0 < 10.0.18363.1801 | 10.0.18363.1801 |
| microsoft | windows_10_version_2004 | >= 10.0.0 < 10.0.19041.1237 | 10.0.19041.1237 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.1237 | 10.0.19042.1237 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1237 | 10.0.19043.1237 |
| microsoft | windows_7 | >= 6.1.0 < 6.1.7601.25712 | 6.1.7601.25712 |
| microsoft | windows_7_service_pack_1 | >= 6.1.0 < 6.1.7601.25712 | 6.1.7601.25712 |
| microsoft | windows_8.1 | >= 6.3.0 < 6.3.9600.20120 | 6.3.9600.20120 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.0.0 < 6.1.7601.25712 | 6.1.7601.25712 |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.0 < 6.1.7601.25712 | 6.1.7601.25712 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.0 < 6.0.6003.21218 | 6.0.6003.21218 |
| microsoft | windows_server_2012 | >= 6.2.0 < 6.2.9200.23462 | 6.2.9200.23462 |
| microsoft | windows_server_2012_r2 | >= 6.3.0 < 6.3.9600.20120 | 6.3.9600.20120 |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | >= 10.0.0 < 10.0.14393.4651 | 10.0.14393.4651 |
Microsoft
Windows Scripting Engine Memory Corruption Vulnerability
vendor_msrc·2021-09-14·CVSS 8.1
CVE-2021-26435 [HIGH] Windows Scripting Engine Memory Corruption Vulnerability
Windows Scripting Engine Memory Corruption Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires that a user open a specially crafted file.
In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of
GHSA
GHSA-cwg6-433x-8j82: Windows Scripting Engine Memory Corruption Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-26435 [HIGH] CWE-787 GHSA-cwg6-433x-8j82: Windows Scripting Engine Memory Corruption Vulnerability
Windows Scripting Engine Memory Corruption Vulnerability
No detection rules found.
No public exploits indexed.
Talos
Threat Source newsletter (Sept. 16, 2021)
blogs_talos·2021-09-16
Threat Source newsletter (Sept. 16, 2021)
Good afternoon, Talos readers.
It's a bird, it's a plane, it's a rat!
We've been tracking a series of trojans targeting the aviation industry, and trying to lure victims in by sending them spam related to flight itineraries and other transportation news. In our latest blog post, we discuss how we've followed the actor behind these attacks, and what we can learn about tracking a threat actor in the future.
This week was also Patch Tuesday, so you'll want to update your Microsoft products as soon as possible if you haven't already. Most notably, there's an official update to patch the high-profile MSHTML vulnerability.
## Upcoming Talos public engagements
Chats, Cheats, and Cracks: Abuse of Collaboration Platforms in Malware Campaigns at BSides Charlotte
Speaker: Edmund Brumaghin
Date
Talos
Threat Source newsletter (Sept. 16, 2021)
blogs_talos·2021-09-16
Threat Source newsletter (Sept. 16, 2021)
## Threat Source newsletter (Sept. 16, 2021)
Good afternoon, Talos readers.
It's a bird, it's a plane, it's a rat!
We've been tracking a series of trojans targeting the aviation industry, and trying to lure victims in by sending them spam related to flight itineraries and other transportation news. In our latest blog post , we discuss how we've followed the actor behind these attacks, and what we can learn about tracking a threat actor in the future.
This week was also Patch Tuesday , so you'll want to update your Microsoft products as soon as possible if you haven't already. Most notably, there's an official update to patch the high-profile MSHTML vulnerability .
## Upcoming Talos public engagements
Chats, Cheats, and Cracks: Abuse of Collaboration Platforms in Malware Campaigns at
Qualys
Microsoft and Adobe Patch Tuesday (September 2021) – Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities
blogs_qualys·2021-09-14·CVSS 8.1
CVE-2021-40444 [HIGH] Microsoft and Adobe Patch Tuesday (September 2021) – Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities
## Microsoft Patch Tuesday – September 2021
Microsoft patched 60 vulnerabilities in their September 2021 Patch Tuesday release, and an additional 26 CVEs since September 1st. Among the 60 released in the September Patch Tuesday, 3 of them are rated as critical severity, one as moderate, and 56 as important.
## Critical Microsoft Vulnerabilities Patched
CVE-2021-40444 – Microsoft MSHTML Remote Code Execution Vulnerability
This vulnerability has been publicly disclosed and is known to be exploited. The vulnerability allows for remote code execution via MSHTML, a component used by Internet Explorer and Office. Microsoft also released a workaround to show how users can disable ActiveX controls in IE. The vendor has assigned a CVSSv3 base score of 8.8. It should be prioritized for patching.
Talos
Microsoft Patch Tuesday for Sept. 2021 — Snort rules and prominent vulnerabilities
blogs_talos·2021-09-14·CVSS 8.1
CVE-2021-40444 [HIGH] Microsoft Patch Tuesday for Sept. 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Holger Unterbrink.
Microsoft released its monthly security update Tuesday, disclosing 85 vulnerabilities across the company’s firmware and software. This month’s release is headlined by an official patch for the critical remote code execution vulnerability disclosed earlier this month in MSHTML.
CVE-2021-40444 is being actively exploited in the wild, according to Microsoft, and proof-of-concept code is now available, potentially widening the potential for attacks exploiting this vulnerability. This is the first official Microsoft update to address this issue. Talos has additional protection available here.
Users should download this patch immediately. Additionally, they can disable the installation of all ActiveX controls in Internet Explorer to m
Trendmicro
September Patch Tuesday: 66 Bulletins, Only 3 Critical
blogs_trendmicro·2021-09-14·CVSS 8.1
[HIGH] September Patch Tuesday: 66 Bulletins, Only 3 Critical
Exploits & Vulnerabilities
# September Patch Tuesday: 66 Bulletins, Only 3 Critical
The September 2021 Patch Tuesday cycle is relatively good news for system administrators with only 66 total bulletins. Perhaps more significantly, only three of these were Critical bulletins.
By: Trend Micro
2021/09/14
Read time: ( words)
Save to Folio
The September 2021 Patch Tuesday cycle is relatively good news for system administrators with only 66 total bulletins. Perhaps more significantly, only three of these were Critical bulletins. Eleven of these bulletins fixed vulnerabilities that were disclosed to Microsoft via the Zero Day Initiative. Overall, the month offers system administrators a chance to catch up on other necessary tasks.
Only 3 Critical Patches for September
As mentioned previou
Talos
Microsoft Patch Tuesday for Sept. 2021 — Snort rules and prominent vulnerabilities
blogs_talos·2021-09-14·CVSS 8.1
CVE-2021-40444 [HIGH] Microsoft Patch Tuesday for Sept. 2021 — Snort rules and prominent vulnerabilities
## Microsoft Patch Tuesday for Sept. 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Holger Unterbrink.
Microsoft released its monthly security update Tuesday, disclosing 85 vulnerabilities across the company’s firmware and software. This month’s release is headlined by an official patch for the critical remote code execution vulnerability disclosed earlier this month in MSHTML .
CVE-2021-40444 is being actively exploited in the wild, according to Microsoft, and proof-of-concept code is now available, potentially widening the potential for attacks exploiting this vulnerability. This is the first official Microsoft update to address this issue. Talos has additional protection available here .
Users should download this patch immediately. Addition
Qualys
Microsoft and Adobe Patch Tuesday (September 2021) – Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities | Qualys
blogs_qualys·2021-09-14·CVSS 8.1
CVE-2021-40444 [HIGH] Microsoft and Adobe Patch Tuesday (September 2021) – Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities | Qualys
### Microsoft Patch Tuesday – September 2021
Microsoft patched 60 vulnerabilities in their September 2021 Patch Tuesday release, and an additional 26 CVEs since September 1st. Among the 60 released in the September Patch Tuesday, 3 of them are rated as critical severity, one as moderate, and 56 as important.
#### Critical Microsoft Vulnerabilities Patched
CVE-2021-40444 – Microsoft MSHTML Remote Code Execution Vulnerability
This vulnerability has been publicly disclosed and is known to be exploited. The vulnerability allows for remote code execution via MSHTML, a component used by Internet Explorer and Office. Microsoft also released a workaround to show how users can disable ActiveX controls in IE. The vendor has assigned a CVSSv3 base score of 8.8. It should be prioritized for patchi
Crowdstrike
September 2021 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] September 2021 Patch Tuesday: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
2021-09-15
Published