On Tuesday, Microsoft revealed an alarming vulnerability in Internet Explorer, a bug that is being used to harm Windows users. The attack is enabled by a weaponized Office file and works like this: A victim receives an email with a link to a Word document inside. It is very important that you do not click on the link; instead, you should open the document directly.
The critical vulnerability has been found in Microsoft’s proprietary web rendering engine. The flaw, tracked as CVE-2021-40444, allows attackers to remotely execute code on a vulnerable system. The engine is used to render web content inside Word, Excel, and PowerPoint documents.
They have said. “Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,”.
They also added: “An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,”
Microsoft has discovered a loophole in Windows that can be exploited by cybercriminals. It’s so serious, Microsoft is giving away the information for free. The flaw has been discovered by Mandiant and Exmon. Details are largely unknown, but it doesn’t look good.