CVE Series: MSHTML Vulnerability (CVE-2021-40444)

The MSHTML Windows remote code execution vulnerability (CVE-2021-40444) identified in September 2021 could allow a threat actor to execute code on a victim’s machine. In this advanced course, you will exploit and mitigate this vulnerability in a secure lab environment, giving you the skills you need to protect your organization.

Time
1 hour 47 minutes
Difficulty
Advanced
CEU/CPE
2
5.0
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Sign up with Google
Sign up with Apple
Sign up with Microsoft
View all SSO options

Already have an account? Sign In »

Course Content
CVE-2021-40444 Introduction and Background
10m
Conditions for the MSHTML (CVE-2021-40444) Vulnerability
10m
Exploiting CVE-2021-40444 (Lab)
45m
Application and Use for Pentesters and Red Teamers
1m

2.1CVE-2021-40444 Root Cause and Mitigation

10m

2.2Mitigate CVE-2021-40444 (Lab)

30m

2.3CVE-2021-40444 Summary

1m
Course Description

Who should take this course?

This MSHTML Vulnerability (CVE-2021-40444) course is designed for an advanced-level learner, someone who is a seasoned offensive security professional, SOC analyst, or Windows system administrator, who wants to know how to exploit and protect against the latest vulnerabilities impacting enterprise systems.

What are the prerequisites for this course?

You will gain the most benefit from this course if you have a solid functional understanding of Windows as an operating system, including core Windows security components around web browsers, HTML, Javascript, and compression file formats.

Why should I take this course?

MSHTML Vulnerability (CVE-2021-40444) is a Windows remote code execution vulnerability that could allow a threat actor to execute code on a victim's machine via ActiveX from an MS Word (or Rich Text Format) document without the functionality of macros. This course will show you how to exploit and mitigate this vulnerability in a secure virtual lab environment so you can better protect your organization.

What makes this course different from other courses on similar topics?

This course covers a critical vulnerability that could affect your organization. Matt Mullins is a seasoned professional in the offensive security field with over a decade of experience. He has worked in medical, financial, and government spaces and has led multiple Red Team engagements, ranging from a few weeks to a year, and covering multiple security domains. Outside of Red Teaming, Matt is also a seasoned penetration tester with interests in: AppSec, OSINT, Hardware, Wifi, Social Engineering, and Physical Security. Matt has a Master's degree in Information Assurance and an exhaustive number of certifications ranging from frameworks, management, and hands-on hacking. Matt is a Technical SME at Cybrary, focusing on Adversarial Emulation and Red Teaming for course content.

Why should I take this course on Cybrary and not somewhere else?

This course enables you to learn from one of the foremost experts in the field and ensures your readiness to recognize and mitigate this CVE. Defenders will know how to protect their organization against this vulnerability. Offensive teams will be able to exploit this vulnerability. Our on-demand format affords you the flexibility to learn at your own pace.

Instructed By
Matthew Mullins

Matthew Mullins

Technical Manager, Red Team

Instructor
Provider
Cybrary
Certificate of Completion
Certificate Of Completion

Complete this entire course to earn a CVE Series: MSHTML Vulnerability (CVE-2021-40444) Certificate of Completion

Skillset