Microsoft warning for zerodayleak Internet Explorer with Office documents
Microsoft has issued a warning for a zerodaylek in Internet Explorer, where it operates through Office documents to any other. The vulnerability is located in MSHTML, which is the Microsoft-developed browser engine in Internet Explorer. MSHTML in Office applications, is used to display web content in a document.
As now observed the attack send the attackers and their targets to a Microsoft Office file. If the user of this document is to open a malicious ActiveX control the malware infection is loaded in the system.
The vulnerability CVE-2021-40444 , has a severity of 8,8. The vulnerability is present in all supported versions of Windows. An update isn’t available yet, but Microsoft has a workaround. That is out to turn off the ActiveX controls. As a result, the new ActiveX controls cannot be installed. The existing ActiveX controls, however, continue to work normally.