Microsoft warns of new IE zero-day exploited in targeted Office attacks
Microsoft’s security team issued an alert earlier today to warn about a new Internet Explorer zero-day that is being abused in real-world attacks.
Tracked as CVE-2021-40444, the vulnerability impacts Microsoft MHTML, also known as Trident, the Internet Explorer browser engine.
While MHTML was primarily used for the now-defunct Internet Explorer browser, the component is also used in Office applications to render web-hosted content inside Word, Excel, or PowerPoint documents.
“Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,” the company said in an advisory today.
“An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine,” the OS maker added.
Microsoft said the attacks and the underlying zero-day were discovered by security researchers from Mandiant and EXPMON.
Details about the attacks, their targets, and the attacker(s) exploiting this zero-day have not been made public.
Microsoft is expected to release a patch next week, during the company’s regular security servicing window, known as Patch Tuesday.
In the meantime, the OS maker says that companies can disable ActiveX rendering to prevent CVE-2021-140444 exploitation. Instructions on how to do so were included with the company’s security advisory.