Microsoft has issued a security alert on an actively exploited zero-day vulnerability in Internet Explorer that is being leveraged to hijack vulnerable Windows systems using weaponized Office documents.
The remote code execution vulnerability dubbed CVE-2021-40444 (CVSS score: 8.8), is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer that is utilized in Office to generate web content inside Word, Excel, and PowerPoint documents.
“Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,” the company said.
For more such updates follow us on Google News ITsecuritywire News.
