A zero-day vulnerability in MSHTML that affects Microsoft Windows has been discovered and is being investigated by Microsoft. The zero-day is tracked as CVE-2021-40444 and is caused by a Remote Code Execution vulnerability.
Exploit details - Publicly disclosed and exploited:
An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.
A patch for this vulnerability is currently unavailable. Microsoft is investigating the vulnerability and will provide an update accordingly to its customers.
Mitigation and workarounds:
By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack.
Disabling the installation of all ActiveX controls in Internet Explorer mitigates this attack. This can be accomplished for all sites by updating the registry. Previously-installed ActiveX controls will continue to run, but do not expose this vulnerability. For more details on how to disable ActiveX controls on individual systems, refer to this page.
The ManageEngine team