[TheRecord] Microsoft warns of new IE zero-day exploited in targeted Office attacks

Microsoft’s security team issued an alert earlier today to warn about a new Internet Explorer zero-day that is being abused in real-world attacks.

Tracked as CVE-2021-40444, the vulnerability impacts Microsoft MSHTML, also known as Trident, the Internet Explorer browser engine.

While MSHTML was primarily used for the now-defunct Internet Explorer browser, the component is also used in Office applications to render web-hosted content inside Word, Excel, or PowerPoint documents.

“Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,” the company said in an advisory today.

“An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine,” the OS maker added.

Microsoft said the attacks and the underlying zero-day were discovered by security researchers from Mandiant and EXPMON.

CVE-2021-40444 – Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.

Rick Cole (MSTIC)
Dhanesh Kizhakkinan of Mandiant
Haifei Li of EXPMON
Bryce Abdo of Mandiant https://t.co/q87XlO2vew

— Andrew Thompson (@ImposeCost) September 7, 2021

💥💥⚡️⚡️
EXPMON system detected a highly sophisticated #ZERO-DAY ATTACK ITW targeting #Microsoft #Office users! At this moment, since there’s no patch, we strongly recommend that Office users be extremely cautious about Office files – DO NOT OPEN if not fully trust the source!

— EXPMON (@EXPMON_) September 7, 2021

Details about the attacks, their targets, and the attacker(s) exploiting this zero-day have not been made public.

Microsoft is expected to release a patch next week, during the company’s regular security servicing window, known as Patch Tuesday.

In the meantime, the OS maker says that companies can disable ActiveX rendering to prevent CVE-2021-40444 exploitation. Instructions on how to do so were included with the company’s security advisory.

The post Microsoft warns of new IE zero-day exploited in targeted Office attacks appeared first on The Record by Recorded Future.
