Zero-day vulnerability CVE-2021-40444 in Office 365 affects all Microsoft clients worldwide. No patch available


Microsoft security teams issued an alert asking Windows users to take appropriate measures to prevent exploitation of a zero-day remote code execution vulnerability in MSHTML through malicious Microsoft Office documents. The flaw is tracked as CVE-2021-40444; because of the latent risk of exploitation, the company has not revealed further details about it.

According to the report, successful exploitation of the flaw would allow threat actors to craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser’s rendering engine.

To complete the attack, malicious hackers would have to trick the target user into opening the infected document. Users whose accounts are configured for least-privilege use might be less exposed to this attack variant.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also issued an alert about the vulnerability, recommending that Windows users and system administrators implement some of the temporary fixes issued by Microsoft.

The investigation is
