Microsoft warns of new IE zero-day exploited in targeted Office attacks
Image: The Record
Catalin Cimpanu September 7, 2021

Microsoft warns of new IE zero-day exploited in targeted Office attacks

Catalin Cimpanu

September 7, 2021

Microsoft warns of new IE zero-day exploited in targeted Office attacks

Microsoft’s security team issued an alert earlier today to warn about a new Internet Explorer zero-day that is being abused in real-world attacks.

Tracked as CVE-2021-40444, the vulnerability impacts Microsoft MHTML, also known as Trident, the Internet Explorer browser engine.

While MHTML was primarily used for the now-defunct Internet Explorer browser, the component is also used in Office applications to render web-hosted content inside Word, Excel, or PowerPoint documents.

“Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,” the company said in an advisory today.

“An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine,” the OS maker added.

Microsoft said the attacks and the underlying zero-day were discovered by security researchers from Mandiant and EXPMON.

Details about the attacks, their targets, and the attacker(s) exploiting this zero-day have not been made public.

Microsoft is expected to release a patch next week, during the company’s regular security servicing window, known as Patch Tuesday.

In the meantime, the OS maker says that companies can disable ActiveX rendering to prevent CVE-2021-140444 exploitation. Instructions on how to do so were included with the company’s security advisory.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.