New 0-Day Flaw Targets Windows Systems With Microsoft Office Documents

12
New 0-Day Flaw Targets Windows Systems With Microsoft Office Documents

Microsoft has issued a security alert on an actively exploited zero-day vulnerability in Internet Explorer that is being leveraged to hijack vulnerable Windows systems using weaponized Office documents.

The remote code execution vulnerability dubbed CVE-2021-40444 (CVSS score: 8.8), is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer that is utilized in Office to generate web content inside Word, Excel, and PowerPoint documents.

“Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,” the company said.

For more such updates follow us on Google News ITsecuritywire News.