"Zero-Day Attacks Exploit MSHTML Flaw in Microsoft Windows"

Attackers are actively exploiting a flaw in Microsoft Windows that has not been patched yet. In a recently released security alert, Microsoft says the remote execution vulnerability exists in MSHTML, also known as Trident, an HTML engine built into Windows that allows the operating system to read and display HTML files. Trident has been built into Windows since the debut of Internet Explorer (IE) over 20 years ago. Although Microsoft has been gradually retiring IE in support of its newer Edge browser, the MSHTML component is still used by Microsoft Office. The newly discovered vulnerability, designated CVE-2021-40444, allows an attacker to craft a malicious ActiveX control to be used by a Microsoft Office document hosting the browser rendering engine. After which, the attacker would have to trick the user into opening the malicious document. The continued prevalence of malicious macro attacks shows that this attack remains feasible. Microsoft adds that users whose accounts have fewer system rights could be less impacted than those who have administrative user rights. Code for exploiting the vulnerability has not yet been made available to the public. As there is no patch for this flaw yet, Office users are urged to be extremely cautious about Office files. One workaround recommended by Microsoft is to disable the installation of all new ActiveX controls in Windows. This article continues to discuss the exploitation and severity of the MSHTML flaw, as well as suggested mitigations and workarounds. 

BankInfoSecurity reports "Zero-Day Attacks Exploit MSHTML Flaw in Microsoft Windows"