In an advisory issued on Tuesday, Microsoft said some of its users were targeted by poisoned Office documents that exploit an unpatched flaw to hijack their Windows machines.
The vulnerability, CVE-2021-40444, is described as a hole in MSHTML, Internet Explorer’s browser engine. Miscreants are seemingly placing a malicious ActiveX control in an Office document and convincing victims to open or view it, potentially achieving remote code execution.
Read more…
Source: The Register