Microsoft acknowledges Windows zero-day vulnerability based on malicious Office files

2 min. read

Published onSeptember 8, 2021

published onSeptember 8, 2021

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Microsoft hasacknowledged a new zero-day vulnerabilityin all versions of Windows that is currently being exploited by attackers. The company says that a remote code execution vulnerability has been found in MSHTML, which can be used to create malicious Microsoft Office documents (viaBleeping Computer).

“An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” the company explained.

The remote code execution vulnerability, under the identifier CVE-2021-40444, was discovered by researchers from different cybersecurity companies, including Microsoft Security Response Center, EXPMON, and Mandiant. The vulnerability, when exploited, impacts theInternet Explorer’s browser rendering engine MSHTML, which is also used to render browser-based content in Microsoft Office files on Windows.

The Redmond giant is already working on a fix and plans to release a security update on this month’s Patch Tuesday or through an out-of-band update. In the meantime, users can protect PCs by keeping antimalware products (i.e., Microsoft Defender Antivirus and Defender for Endpoint) up to date. The company also advises users to disable the installation of ActiveX controls in Internet Explorer to mitigate any potential attack. We invite you to check outMicrosoft’s Security Advisory pagefor more information about these workarounds.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Radu Tyrsina

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Microsoft acknowledges Windows zero-day vulnerability based on malicious Office files#

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Microsoft acknowledges Windows zero-day vulnerability based on malicious Office files