Security News > 2021 > September > Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444)

Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML, to compromise Windows/Office users in "a limited number of targeted attacks," Microsoft has warned on Tuesday.

CVE-2021-40444 is a set of logical flaws that can be leveraged by remote, unauthenticated attackers to execute code on the target system.

We have reproduced the attack on the latest Office 2019 / Office 365 on Windows 10, for all affected versions please read the Microsoft Security Advisory.

The attackers are flinging specially-crafted Microsoft Office documents at targets.

"An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document," Microsoft explained.

The company also noted that "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights," and that Microsoft Office opens documents from the internet in Protected View or Application Guard for Office by default, and that this prevents the current attacks.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/mFh1aZEXVhE/