Recently reported Microsoft zero-day gaining popularity with attackers, Kaspersky says

A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech, and other sectors.
A recently reported security vulnerability in Microsoft's MSHTML browser engine is being found all over the world, and Kaspersky said it "expects to see an increase in attacks using this vulnerability."
To make matters worse, the vulnerability is easy to exploit: All an attacker has to do is send a Microsoft Office document to the intended victim that contains a malicious script.
Like plenty of other attacks using malicious documents, the victim has to open the document in order to infect their machine with the attacker's actual payload, which is retrieved by the script in the document.
In the wild, Kaspersky said, most of the detected attacks install backdoors that give attackers additional access to the infected machine.
In situations where updating a Windows system may be difficult, Microsoft has published workarounds: disabling ActiveX via Group Policy, disabling ActiveX with a custom registry key, and a registry edit that disables Windows Explorer preview, which prevents scripts from being run without fully opening a document.