New Microsoft Vulnerability, MSHTML RCE, Under Active Attack

Microsoft Warns of New Zero-Day Flaw in Windows

Microsoft released a security alert yesterday announcing a newly discovered remote code execution (RCE) flaw in MSHTML that is currently being exploited. MSHTML, also known as Trident, is a component used as a browser rendering engine for Microsoft Office documents. Attackers are using this zero-day vulnerability to weaponize Office documents so that, when they’re opened, malware is downloaded that can run arbitrary code to infect the system.

The Microsoft Security Response Center stated in its advisory that “an attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document.” No patch is currently available, as the vulnerability is still under investigation, but Microsoft has offered mitigations and workarounds. For more information, view the full Microsoft Security Update Guide on CVE-2021-40444.

Numerous industry and federal cybersecurity officials have also taken notice, urging users to be cautious when opening Office files from sources that aren’t fully trusted. Shortly after Microsoft’s alert, the Cybersecurity and Infrastructure Security Agency (CISA) released its own advisory, alerting users and administrators to the vulnerability and encouraging them to implement Microsoft’s recommended mitigations to avoid the risk of compromise. View the CISA advisory here.
