Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs

Microsoft has disclosed the existence of a new zero-day vulnerability that affects multiple versions of Windows. This vulnerability (designated as CVE-2021-40444) is currently delivered via malicious Office 365 documents and requires user input to open the file to trigger. It should be noted that by default, Office documents downloaded from the internet are opened either in Protected View or Application Guard, both of which would mitigate this particular attack.

If the attacker is able to convince the victim to download the file and bypass any mitigation, it would trigger the vulnerability and cause a malicious file to be downloaded and run on the affected machine. Currently, this vulnerability is used to deliver Cobalt Strike payloads.

Read more…
Source: Trend Micro