image credit: Vecteezy

Latest Microsoft zero-day being actively exploited

September 9, 2021


Security analysts are once again warning of another zero-day vulnerability in Microsoft products after reports emerged of active exploitation of CVE-2021-40444, a remote code execution (RCE) vulnerability in the MSHTML component of Internet Explorer (IE) on Windows 10 and several Windows Server versions.

The zero-day was uncovered by researchers from EXPMON and Mandiant, and can be exploited by crafting a malicious ActiveX control to be used by a Microsoft Office 365 document that hosts MSHTML (aka Trident), the rendering engine used by IE and succeeded by EdgeHTML in the newer Edge browser. There is currently no available patch.

Read More on Computer Weekly