Microsoft warns of new IE zero-day exploited in targeted Office attacks
Microsoft's security team issued an alert earlier today to warn about a new Internet Explorer zero-day that is being abused in real-world attacks.
Tracked as CVE-2021-40444, the vulnerability impacts Microsoft MHTML, also known as Trident, the Internet Explorer browser engine.
While MHTML was primarily used for the now-defunct Internet Explorer browser, the component is also used in Office applications to render web-hosted content inside Word, Excel, or PowerPoint documents.
"Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents," the company said in an advisory today.
"An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine," the OS maker added.
Microsoft said the attacks and the underlying zero-day were discovered by security researchers from Mandiant and EXPMON.
— EXPMON (@EXPMON_) September 7, 2021
EXPMON system detected a highly sophisticated #ZERO-DAY ATTACK ITW targeting #Microsoft #Office users! At this moment, since there's no patch, we strongly recommend that Office users be extremely cautious about Office files - DO NOT OPEN if not fully trust the source!
Details about the attacks, their targets, and the attacker(s) exploiting this zero-day have not been made public.
Microsoft is expected to release a patch next week, during the company's regular security servicing window, known as Patch Tuesday.
In the meantime, the OS maker says that companies can disable ActiveX rendering to prevent CVE-2021-140444 exploitation. Instructions on how to do so were included with the company's security advisory.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.