Critical IE Zero-Day (CVE‑2021‑40444) Exploited via Malicious Office Docs – What You Need to Know
Microsoft warned on September 8 that a critical IE zero‑day (CVE‑2021‑40444) is being actively exploited through specially crafted Office documents, allowing remote code execution via ActiveX, and urged users to disable IE ActiveX controls until a patch is released.
On September 8, the Microsoft security team warned that a zero‑day vulnerability in Internet Explorer is being actively exploited; malicious Microsoft Office documents can leverage the flaw to attack computers.
The vulnerability is tracked as CVE‑2021‑40444 and affects Microsoft’s MSHTML (also known as Trident, the IE rendering engine). It enables remote code execution and has a CVSS score of 8.8.
MSHTML is the primary HTML component of IE and is also used by other applications. In Office it renders web content within Word, Excel, and PowerPoint documents.
The flaw was reported by Mandiant researchers Bryce Abdo, Dhanesh Kizhakkinan, and Genwei Jiang, together with EXPMON’s Haifei Li.
Microsoft stated that it is aware of targeted attacks attempting to exploit the vulnerability via specially crafted Office documents.
Attackers can create a malicious ActiveX control that is invoked by the Office document rendering engine; they then need to persuade the user to open the malicious file.
Microsoft notes that accounts with limited user privileges may be less impacted than those with administrative rights.
Details about the attackers, targets, and exploitation methods were not disclosed. Microsoft plans to fix the issue in the next Patch Tuesday and urges customers to disable all ActiveX controls in IE to avoid potential attacks.
