[TheRecord] Microsoft warns of new IE zero-day exploited in targeted Office attacks

Microsoft’s security team issued an alert earlier today to warn about a new Internet Explorer zero-day that is being abused in real-world attacks.

Tracked as CVE-2021-40444, the vulnerability impacts Microsoft MHTML, also known as Trident, the Internet Explorer browser engine.

While MHTML was primarily used for the now-defunct Internet Explorer browser, the component is also used in Office applications to render web-hosted content inside Word, Excel, or PowerPoint documents.

“Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,” the company said in an advisory today.

“An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine,” the OS maker added.

Microsoft said the attacks and the underlying zero-day were discovered by security researchers from Mandiant and EXPMON.

CVE-2021-40444 – Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.

Rick Cole (MSTIC)
Dhanesh Kizhakkinan of Mandiant
Haifei Li of EXPMON
Bryce Abdo of Mandianthttps://t.co/q87XlO2vew

— Andrew Thompson (@ImposeCost) September 7, 2021

💥💥⚡️⚡️
EXPMON system detected a highly sophisticated #ZERO-DAY ATTACK ITW targeting #Microsoft #Office users! At this moment, since there’s no patch, we strongly recommend that Office users be extremely cautious about Office files – DO NOT OPEN if not fully trust the source!

— EXPMON (@EXPMON_) September 7, 2021

Details about the attacks, their targets, and the attacker(s) exploiting this zero-day have not been made public.

Microsoft is expected to release a patch next week, during the company’s regular security servicing window, known as Patch Tuesday.

In the meantime, the OS maker says that companies can disable ActiveX rendering to prevent CVE-2021-140444 exploitation. Instructions on how to do so were included with the company’s security advisory.

The post Microsoft warns of new IE zero-day exploited in targeted Office attacks appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[SecurityWeek] Microsoft Adds Power Platform to Bug Bounty Program

All posts, Security Week

Microsoft this week announced that it is now accepting vulnerability submissions for the Power Platform. Security researchers who hunt for and report security errors in Power Platform can now earn up to $20,000 in bounty rewards for severe flaws, as part of the recently rebranded Dynamics 365 and Power Platform Bounty Program. read more Source: […]

Read More

Daily NCSC-FI news followup 2021-03-16

Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities msrc-blog.microsoft.com/2021/03/16/guidance-for-responders-investigating-and-remediating-on-premises-exchange-server-vulnerabilities/ This guidance will help customers address threats taking advantage of the recently disclosed Microsoft Exchange Server on-premises vulnerabilities CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, and CVE-2021-27065, which are being exploited. We strongly urge customers to immediately update systems. Failing to address these vulnerabilities can result in compromise […]

Read More

[ZDNet] Microsoft adds second CVE for PrintNightmare remote code execution

All posts, ZDNet

While PrintNightmare has been known as CVE-2021-1675 this week, Microsoft has now thrown CVE-2021-34527 into the mix. Source: Read More (Latest topics for ZDNet in Security)

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.