Security News > 2021 > September > Windows MSHTML zero-day exploits shared on hacking forums
Threat actors are sharing Windows MSHTML zero-day tutorials and exploits on hacking forums, allowing other hackers to start exploiting the new vulnerability in their own attacks.
Last Tuesday, Microsoft disclosed a new zero-day vulnerability in Windows MSHTML that allows threat actors to create malicious documents, including Office and RTF docs, to execute commands on a victim's computer remotely.
These mitigations work by blocking ActiveX controls and Word/RTF document previews in Windows Explorer.
When Microsoft first disclosed the Windows MSHTML zero-day, tracked as CVE-2021-40444, security researchers quickly found the malicious documents used in attacks.
Threat actors have been able to reproduce the exploit on their own from information, and malicious document samples posted online and have begun sharing detailed guides and information on hacking forums.
Microsoft has also provided the following mitigations to block ActiveX controls in Internet Explorer, the default handler for the MSHTML protocol, and block document preview in Windows Explorer.
News URL
Related news
- New Windows zero-day exploited by 11 state hacking groups since 2017 (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- ⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017 (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-15 | CVE-2021-40444 | Path Traversal vulnerability in Microsoft products <p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. | 0.0 |