Microsoft security teams issued an alert to ask users of Windows systems to take appropriate measures to prevent the exploitation of a zero-day MSHTML vulnerability of remote code execution through malicious documents from the Microsoft Office suite. The flaw was tracked as CVE-2021-40444, although due to the latent risk of exploitation the company has not revealed further details about it.
According to the report, successful exploitation of the flaw would allow threat actors to create a malicious ActiveX control that would be employed by a Microsoft Office document hosting the browser’s rendering engine.
To complete the attack, malicious hackers would have to trick the target user into opening the infected document. In addition, users whose accounts are configured for least-privilege use might be less exposed to this attack variant.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also issued an alert about the vulnerability, recommending Windows users and system administrators implement some of the temporary fixes issued by Microsoft.
The investigation is
Read the article