Microsoft warns of new IE zero-day exploited in targeted Office attacks

Microsoft's security team issued an alert earlier today to warn about a new Internet Explorer zero-day that is being abused in real-world attacks.

Tracked as CVE-2021-40444, the vulnerability impacts Microsoft MSHTML, also known as Trident, the Internet Explorer browser engine.

While MSHTML was primarily used for the now-defunct Internet Explorer browser, the component is also used in Office applications to render web-hosted content inside Word, Excel, or PowerPoint documents.

"Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents," the company said in an advisory today.

"An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine," the OS maker added.

Microsoft said the attacks and the underlying zero-day were discovered by security researchers from Mandiant and EXPMON.

Details about the attacks, their targets, and the attacker(s) exploiting this zero-day have not been made public.

Microsoft is expected to release a patch next week, during the company's regular security servicing window, known as Patch Tuesday.

In the meantime, the OS maker says that companies can disable ActiveX rendering to prevent CVE-2021-40444 exploitation. Instructions on how to do so were included with the company's security advisory.

Catalin Cimpanu is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.